Links

• The O'Reilly Bind Book
• DNS Howto
• DNS Check
• http://www.dns.net/dnsrd/
• Dig HOWTO
• DNS tips&tricks
• DNS entropy
• Configuring reverse dns
• DNS subdomains
• What's EDNS All About (And Why Should I Care)?

DNS chcecks

• Domain Check
• mtoolbox dns check
• dnviz

HOWTO

Documentation

Zone files

• Anatomy of a bind zone file

SOA record

ns1.example.com admin.example.com 2013022001 86400 7200 604800 300

• The primary name server for the domain, which is ns1.dnsimple.com or the first name server in the vanity name server list.
• The responsible party for the domain: admin.dnsimple.com.
• A timestamp that changes whenever you update your domain.
• The number of seconds before the zone should be refreshed.
• The number of seconds before a failed refresh should be retried.
• The upper limit in seconds before a zone is considered no longer authoritative.
• The negative result TTL (for example, how long a resolver should consider a negative result for a subdomain to be valid before retrying).

Glue records

• Glue Records and Dedicated DNS

Software

BIND

• Bind homepage

Maradns

A nice caching DNS.

• http://www.maradns.org/

Tools

dnstop

Show what is being looked up

dnstop -l 3 eth0

and then hit 3

• Dig
• dnsping
• dnsdiag
• dnzviz

FAQ

Get hints file

dig @m.root-servers.net. ns .

Find server handling reverse

dig -x 10.11.12.13

Wildcard record

;seems unwise to use CNAMES for this
@ IN A 10.0.0.1
* IN A 10.0.0.1

DNS amplification test

dig +short +tries=1 +time=2 test.openresolver.com TXT @$ip

Local NS list does not match Parent NS list

Probably a slave/secundary server out of sync

Terms

SOA

Start Of Authority
      

• Understanding SOA records