A small taste of the Men&Mice training courses, organized alphabetically.
Apr 26th, 2019
As you’ve probably discovered by now, we have an honest passion for teaching and training. For the past 20 years, Men&Mice has been offering DNS and BIND courses across the globe. Always updated and always practical, from the start we've constructed classes to address real world challenges and solve problems that our students actually face.
And the onslaught of new challenges never stops. Public and private networks. Cloud and on-prem resources. Hybrid and multiclouds. Privacy, security, efficiency.
Being on top of our game means constantly learning.
In this new series, we'd like to give you a small taste of the Men&Mice training courses. Organized alphabetically, we'll cover a glossary of select tips, tricks, and trivia that will deepen your understanding of DNS and BIND.
Without further ado, let's get started!
Anonymizing IP addresses is a handy trick to know, with (DNS) privacy features often requested and businesses becoming increasingly liable for traffic to and from their servers.
ipv6loganon is a Linux command line tool for anonymizing IP addresses in HTTP server logfiles. By default your webserver (be it Apache, nginx, or something else) logs every connection.This is useful for diagnosing connection issues or find malicious actors - but during normal operations it's also a liability from a privacy standpoint.
You can type
man ipv6loganon in your server terminal to see all the options. Run it as a cron job or automate some other way.
BIND is a fantastic suite of software. Whether you consciously use it or not, it's one of the most fundamental pieces in almost any network puzzle (that's why our most popular training course is titled "DNS and BIND").
Lot of people are surprised just how many tools BIND offers. For example:
digis the Swiss Army Knife of network tools. So much so, that we'll be giving it its own entry at the letter 'D' in the next post. In the meantime, read
man digin your terminal, and learn to love it.
delvcan be used to verify DNSSEC trust. It's as easy as typing
delv +v www.domain.com.
named-checkconf -zcan be used to test manual changes to DNS zonefiles.
dnstapis a faster alternative to query logging. (During the training courses we go deep into how to use it.)
BIND also comes with a host of security features like DNS cookies, Response Policy Zones, Response Rate Limiting, and more. The DNSB-W and DNSB-A courses cover these in detail.
C is not just for cookies, but also: catalog zones. Catalog zones are special DNS zones, used to quickly propagate DNS zones from master to slave servers. Slave servers use catalog zones to recreate member zones, and if any changes occur "upstream", they're also synced across slaves using the catalog zones.
Use catalog zones for redundancy, so if your slave servers go out of commission for any reason, you can resume normal operations by quickly spinning up backups.
In this DNS glossary series, we focus on just a handful of concepts in each post. Bite-sized, they're but the tip of the iceberg. Our training program is where all of these concepts come to exist in the right context - and you get to try your hand at putting newly learnt skills in action.
Check out our training calendar, and reach out to us with any questions.