DNS Learning Checklist


rev.dennis

Here is a checklist of topics to cover when learning DNS:

1: DNS Theory

  • History of Name Servers
  • DNS Organization
  • The elements of a domain name
  • Authority and Delegation
  • DNS Operational Hierarchy (name servers and resolvers)
  • The DNS protocol
  • DNS Queries (recursive and iterative)
  • Zone transfer (AXFR and IXFR)
  • NOTIFY
2: Domains and Zones

  • Forward Mapping
  • Reverse Mapping
  • Zone File Construction - best practices
  • Resource Records (RRs)
  • SOA RR
  • NS RR
  • MX RR
  • CNAME RR
  • A (IPv4) and AAAA (IPv6) RRs
  • PTR RR
  • TXT RR (SPF)
3: Major DNS Types

  • Master DNS
  • Slave DNS
  • Caching DNS
  • Forwarding (Proxy) DNS
  • Stealth DNS
  • Authoritative Only DNS
4: Installing BIND

  • Installation of BIND on Linux (FreeBSD and Windows)
  • The default chroot installation
  • Starting and stopping BIND
  • RNDC default install
  • DIG/NSLOOKUP basics
5: BIND Configuration

  • BIND's named.conf layout and principles
  • The controls clause
  • The logging clause
  • The options clause
  • The zone clause
  • The ACL clause
  • BIND's view clause
  • Essential zone files
6: DNS and IPv6

  • Forward mapping - the AAAA RR
  • Reverse mapping - the PTR and DNAME RR
7: Advanced Zone Files

  • Load balancing
  • In-zone and out-of-zone records
  • Parent and child domains
  • Subdomain delegation
  • Glue Records
  • SRV RR
  • NAPTR RR
8: DNS Tools and Diagnostics

  • DIG
  • NSLOOKUP
  • RNDC
  • Validation utilities
  • Log analysis
9: Dynamic DNS (DDNS)

  • DDNS - theory and implications
  • Using nsupdate
  • Disabling and controlling DDNS
  • Exercise
10: Advanced Topics

  • DNS and DHCP (auto-update)
  • Security overview
  • Open and closed DNS
  • DNS uses - DNSBL, ENUM
  • DNS best practice
  • DNS Resources

11: DNS Refresher

  • The DNS hierarchy (name servers and resolvers)
  • Authoritative and cached responses
  • Delegation - Parent and child domains
  • Forward and Reverse mapping
  • Zone files - best practice
  • DNS types
  • Diagnostic Tools - DIG, NSLOOKUP
12: DNS Security Basics

  • Security overview
  • Security threat analysis
  • DNS security scope (Zone transfer, DDNS, Zone integrity)
  • Stealth configuration
  • Administrative security (jails, permissions, server configurations)
  • BIND Logs
  • BIND's server clause
  • Cache Poisoning 101
  • RNDC - advanced configuration
  • Mail Anti-SPAM (SPF, DKIM)
13: Stealth Configurations

  • Configuration objectives
  • Authoritative Only servers
  • Hidden Masters
  • BIND's view clause - benefits and limitations
  • BIND and NSD
  • Implications - zone transfer, DDNS, logs
14: Load-Balancing and Failover

  • DNS and other solutions
  • RR type strategies
  • Benefits and limitations
  • rrset-order and sortlist
15: DNS and DHCP

  • DDNS for auto-update of forward maps
  • Reverse maps
  • Securing DDNS
  • IPv6 implications
  • DNS in Heterogeneous environments (Windows/Linux/Unix)

16: DNS Security Basics

  • Security overview
  • Security threat analysis
  • DNS security scope (Zone transfer, DDNS, zone integrity)
  • Stealth configuration
  • BIND's view clause
  • Administrative security (jails, permissions, server configurations)
  • BIND Logs
  • BIND's server clause
17: Cryptographic Introduction

  • DNS usage of modern cryptography
  • Symmetric cryptography
  • Asymmetric cryptography
  • Message digests
  • Message authentication codes (MAC)
  • Digital signatures
  • Key Management
  • The KEY RR
  • BIND's key generation tools
18: Securing Zone Transfers

  • Methods - allow-transfer, TSIG, SIG(0) and TKEY
  • The TSIG (symmetric cryptography) process
  • The OPT meta (or pseudo) RR
19: Securing DDNS

  • Methods - allow-update, update-policy, TSIG and SIG(0)
  • The SIG(0) (asymmetric cryptography) process
  • Exercise
  • The SIG RR
20: Zone Integrity

  • The DNS security environment
  • Security-aware and security oblivious
  • Securing zones - zone signing
  • Chains of trust and islands
  • Key rollover and maintenance
  • Current implementation status
  • Alternate chains of trust - DLV
21: Zone signing

  • Zone and key signing keys
  • The DNSKEY, NSEC, NSEC3, RRSIG and DS RRs
  • The dnssec-signzone utility
22: Key rollover and Maintenance

  • Double signing
  • Pre-publish

DNS_Intro_Course.pdf
