open secondary menu close secondary menu

COURSE Description

DNS & BIND Advanced continues where DNS & BIND Fundamentals (DNSB-F) leaves off, focuses on critical topics that do not fit into DNSB-F. DNS has many exotic, out-dated, and rarely implemented features. Those are not covered. Like DNSB-F, this course mixes in-depth lectures and practical hands-on labs, which each student runs on his or her own server, which we provide.

While, implementation details are specific to BIND, the course's theory, and the practical skills gained in the labs, are applicable to all DNS systems.

Attending DNSB-A in the same week as DNSB-F is the most popular registration option. If that is appealing, register just once for the combined course, DNS & BIND Week (DNSB-W), which is less expensive than attending DNSB-F and DNSB-A independently.

This course was previously called: Advanced DNS & BIND Hands-on Training

Topics include

  • Views (Split-DNS)
  • Empty Zones (Preventing Unanswerable Queries from Your Resolver)
  • BIND's ACLs (Access Control Lists)
  • Cryptography in DNS
  • Transaction Signatures (TSIGs)
  • NOTIFY and IXFR (Incremental Zone Transfer)
  • Dynamic DNS (DDNS)
  • BIND's DDNS Tool: nsupdate
  • BIND's rndc commands for DDNS
  • 'dig'ing Deeper
  • Automatic Zone Provisioning in BIND (Catalog Zones)
  • BIND Prefetch
  • EDNS (Extended DNS) and the OPT Pseudo Record Type
  • The Practical Uses of the Chaos Class
  • Firewall Knowledge & Configuration for DNS
  • Risks, Threats, Attacks, and Security in DNS
  • The Fundamentals of DNSSEC (DNS SECurity)
  • DNSSEC Key types, The Chain of Trust
  • DNSSEC Resource Record Types (minimally the following are covered: RRSIG, DNSKEY, DS, NSEC)
  • Implementing a DNSSEC Validating BIND Resolving Server
  • BIND cryptography tools: rndc-confgen, ddns-confgen, dnssec-keygen

Note about content: In some courses, due to time required for other topics and participants' interests, a topic or two may be reduced or skipped. The decision is made by the instructor with input from the participants.

Note about DNSSEC: Our three-day DNSSEC & BIND course (DNSSECB) goes much further in depth on DNSSEC, and it covers far more DNSSEC topics. For example, DNSB-A does not cover running a DNSSEC authoritative server, and nothing about administering DNSSEC keys. If your primary need is to learn DNSSEC, note that DNSB-A is not a prerequisite for DNSSECB.

Prerequisites (recommended)

It is strongly recommended to attend DNS & BIND Fundamentals (DNSB-F) before DNSB-A. Even participants with extensive experience tell us that DNSB-F fills in knowledge gaps, helps them understand how topics they know actually work and why, and corrects their misunderstandings. If you would like to attend DNSB-A without attending DNSB-F first, email us a request for a placement test.

The labs require working on the command-line in a Linux shell. Without familiarity with basics such as cd, ls, cp, cat, and using a text editor, a participant will face difficulties. While shell experience is strongly recommended, advanced command-line skills are not needed. For the text editor, working with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.

Material Requirements

A participant must bring a computer with an Ethernet port, with a keyboard, and with an SSH client. (PuTTY is an example of an SSH client for Windows). The laptop cannot be so extremely mis-configured that it will not get an IPv4 address with DHCP. Please note the Ethernet port requirement as some laptops require an adapter for Ethernet. A computer without a physical keyboard, for example a tablet, will be a significance hindrance, is not recommended, and will additionally fail to meet the Ethernet port requirement.

DNS & BIND Training

This is DNS & BIND training, Men & Mice products are not included in the course. If Men & Mice Suite training is required, options are available.

Cost / Duration / Course Book and Lab Guide (only for Public training classes)

  • $1890 (USD) (The public course includes vouchers for a free certification exam attempts, and lunch each day. The vouchers are valid for one year.)
  • Two-days
  • Official ISC Training Material


Register for a Public Course Request a Quote for On-Site Training

Cancellation policy

Please read our Cancellation policy

About Men & Mice Training

Men & Mice is the exclusive training partner of the ISC, which develops the most widely used DNS software, BIND.