As you’ve probably discovered by now, we have an honest passion for teaching and training. For the past 20 years, Men&Mice has been offering DNS and BIND courses across the globe. Always updated and always practical, from the start we’ve constructed classes to address real world challenges and solve problems that our students actually face.
Beyond this series, you can also catch us in person (outside of the training courses): we’re really proud to be sponsoring RIPE78 in Reykjavik next month!
In addition to the diversity programming, we’ll also be giving two talks, presented by Carsten Strotmann, about DNS privacy and Unwind.
Being on top of our game means constantly learning.
In this new series, we’d like to give you a small taste of the Men&Mice training courses. Organized alphabetically, we’ll cover a glossary of select tips, tricks, and trivia that will deepen your understanding of DNS and BIND.
Without further ado, let’s get started – we have a whole alphabet to cover.
A is for “anonymizing IP addresses in logfiles”
Anonymizing IP addresses is a handy trick to know, with (DNS) privacy features often requested and businesses becoming increasingly liable for traffic to and from their servers.
ipv6loganon is a Linux command line tool for anonymizing IP addresses in HTTP server logfiles. By default your webserver (be it Apache, nginx, or something else) logs every connection.This is useful for diagnosing connection issues or find malicious actors – but during normal operations it’s also a liability from a privacy standpoint.
You can type
man ipv6loganon in your server terminal to see all the options. Run it as a cron job or automate some other way.
B is for “BIND features roundup”
BIND is a fantastic suite of software. Whether you consciously use it or not, it’s one of the most fundamental pieces in almost any network puzzle (that’s why our most popular training course is titled “DNS and BIND”).
Lot of people are surprised just how many tools BIND offers. For example:
digis the Swiss Army Knife of network tools. So much so, that we’ll be giving it its own entry at the letter ‘D’ in the next post. In the meantime, read
man digin your terminal, and learn to love it.
delvcan be used to verify DNSSEC trust. It’s as easy as typing
delv +v www.domain.com.
named-checkconf -zcan be used to test manual changes to DNS zonefiles.
dnstapis a faster alternative to query logging. (During the training courses we go deep into how to use it.)
C is for “catalog zones”
C is not just for cookies, but also: catalog zones. Catalog zones are special DNS zones, used to quickly propagate DNS zones from master to slave servers. Slave servers use catalog zones to recreate member zones, and if any changes occur “upstream”, they’re also synced across slaves using the catalog zones.
Use catalog zones for redundancy, so if your slave servers go out of commission for any reason, you can resume normal operations by quickly spinning up backups.
Want to learn more?
In this DNS glossary series, we focus on just a handful of concepts in each post. Bite-sized, they’re but the tip of the iceberg. Our training program is where all of these concepts come to exist in the right context – and you get to try your hand at putting newly learnt skills in action.
- If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
- If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
- And if you’re looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.