DNS & BIND Week
DNS & BIND Week is our most popular course. It is ideal for anyone starting out. It is most commonly attended by those with previous DNS knowledge, and by administrators with BIND experience.
Nothing is taken for granted, and the labs begin by downloading, compiling, and installing BIND. Each student creates BIND configuration from scratch for authoritative and recursive servers. They create zone files from scratch for an authoritative masters. DNS tools such as, dig,rndc, named-checkconf, & named-checkzone, are taught in depth and used extensively in the labs. Those with previous DNS and BIND skills report that the start of the course, which assumes nothing, fills in knowledge gaps, corrects misconceptions, and that it moves on to unknown topics and new material. Men&Mice courses are hands-on, full of laboratory exercises.
Recently, we have added four new sections on DNS Cookies, Response Policy Zones (RPZ), Response Rate Limiting (RRL) and dnstap. Many new labs have been added, including several problem solving and debugging labs along with additional quizzes.
DNS&BIND Week can be taken as two independent courses, DNS&BIND Fundamentals (DNSB-F) and DNS&BIND Advanced (DNSB-A). However, DNSB-W comes at a discount of $150 off the price of the individual courses, and is recommended for most participants.
While, implementation details are specific to BIND, the course’s theory, and the practical skills gained in the labs, are applicable to all DNS systems.
— The DNS Namespace (Basic DNS Theory)
— Domain Names, Labels and Nodes
— The root, TLDs, and Lower Level Domains
— Zones and Zone Types
— Name Resolution and Referrals
— The DNS Message (DNS Data)
— Name Servers (Authoritative Masters, Authoritative Slaves, RDNS (Recursive Resolvers)
— Caching & Negative-Caching
— Stub Resolvers
— Forwarding, Forward Zones, and Stub Zones
— Master File Format, Shortcuts, & Directives
— Registrants, Registrars, Registries, Registry Operators
— Classes, Resource Record Types, and Resource Records (minimally, the following are covered in detail: SOA, NS, A, AAAA, MX, SRV, TXT, PTR, CNAME)
— Pseudo Resource Records (e.g. ANY, AXFR, IXFR, OPT, TSIG, etc)
— Setting Up and Accessing Remote Name Servers
— Downloading, Compiling and Installing BIND
— BIND Configuration Files (minimally): named.conf, rndc.conf, rndc.keys, bind.keys
— BIND Management Tools (minimally): named-checkconf,named-checkzone, rndc, nsupdate, rndc-confgen, tsig-keygen
— Generating and Reading BIND Log Files
— dig, its Output, & the problems with nslookup
— DNS Debugging & BIND Debugging
— Dynamic DNS (DDNS), NOTIFY, & Incremental Zone Transfers
— Extended DNS (EDNS)
— dnstap (Advanced Query & Response Logging)
— Catalog Zones(Automatic Zone Provisioning)
— Security: DNS Threats, Risks, Attacks, and Mitigation (e.g. Spoofed Responses, Spoofed IPs, Reflection, Amplification, DDoS, Cache Poisoning, Hijacking, etc)
— Security: Cryptography in DNS (Symmetric / Asymmetric)
— Security: Response Policy Zones (RPZ)
— Security: Response Rate Limiting
— Security: DNS Cookies
— Security: Transaction Signatures
— Security: Address Match Lists & Access Control Lists (ACLs)
— Security: Implementing a DNSSEC Validating BIND Resolving Server
— Security: Proper Firewall Configuration for DNS
— Security: Minimal ANY
— Security: DNSSEC (DNS SECurity) Introduction NOTE: DNSSEC is covered in-depth in the course: DNSSEC & BIND (DNSECB)
— Views (Split-DNS)
— RDNS: Empty Zones (Preventing Unanswerable Queries)
— RDNS: BIND Authoritative Selection
— RDNS: BIND Prefetch
— The CHAOS Class & its Practical Uses
— Common DNS Misunderstandings
— BIND Configuration for Course Topics
The labs require working on the command-line in a Linux/Unix shell. Without familiarity with basics such as cd, ls, cp, cat, and using a text editor, a participant will face difficulties. While experience is strongly recommended, advanced command-line skills are not needed. For text editing, the labs offer a variety of text editors: nano, joe pico emacs mg and vi/vim are available.
A participant must bring a computer (laptop) which is able to connect to our network. The connection can be with an Ethernet port or via Wi-Fi. In all cases, the computer must have an SSH client (Linux systems and Macs already do. For Windows, PuTTY is free and recommended). The computer must be able to get an IP address via DHCP. A computer with a physical keyboard is strongly recommended. If Wi-Fi cannot be provided for whichever reason, the participant is responsible for accessing the network via a cabled connection, possibly with a USB-Ethernet dongle.
In some courses, due to time required for other topics and participants’ interests, a topic may be reduced or skipped, or another added (e.g. DNS & IPv6 Fragmentation, DNS Geolocation, or Administrator Defined Resource Records). The decision is made by the instructor with input from the participants.
This is DNS & BIND training, Men&Mice products are not included in the course.
Men&Mice is the exclusive training partner of the ISC, which develops the most widely used DNS software, BIND.