open secondary menu close secondary menu

COURSE Description

DNS & BIND Week is our most popular course. It is ideal for anyone starting out, but most commonly attended by those with previous knowledge, and by administrators with BIND experience.

Nothing is taken for granted, and the labs begin by downloading, compiling, and installing BIND. Students create BIND configuration (named.conf) from scratch for authoritative and recursive servers. They create zone files from scratch for authoritative masters. BIND’s DNS tools, dig and rndc, are taught and used extensively in the labs. Those with previous DNS and BIND skills report that the start of the course, which assumes nothing, fills in gaps in their knowledge and corrects misconceptions, and that it moves on to unknown topics and new material. All Men & Mice courses are hands-on, full of laboratory exercises.

DNS & BIND Week can be taken as two independent courses, DNS & BIND Fundamentals (DNSB-F) and DNS & BIND Advanced (DNSB-A). However, DNSB-W comes at a discount of $150 off the price of the individual courses, and is recommended for most participants.

This course was previously called: Introduction & Advanced DNS and BIND Topics Hands-on

Topics include

  • The DNS Namespace
  • Domain Names, Labels and Nodes
  • The root, TLDs, and Lower Level Domains
  • Zones and Zone Types
  • Delegation
  • Name Resolution and Referrals
  • The DNS Message (DNS Data)
  • Name Servers (Authoritative Masters, Authoritative Slaves, Resolvers)
  • Stub Resolvers
  • Forwarding, Forward Zones, and Stub Zones
  • Master File Format including Shortcuts
  • Registrants, Registrars, Registries, Registry Operators
  • Classes, Resource Record Types, and Resource Records (minimally the following are covered in detail: SOA, NS, A, AAAA, MX, SRV, TXT & PTR)
  • Pseudo Resource Records (e.g. ANY, AXFR, IXFR, OPT, etc)
  • Caching
  • Negative-Caching
  • Setting Up and Accessing Remote Name Servers
  • Downloading, Compiling and Installing BIND
  • BIND Configuration Files
  • BIND Management Tools: named-checkconf, named-checkzone, rndc
  • Generating and Reading BIND Logs
  • dig and its Output
  • Fundamentals of DNS Debugging and of BIND Debugging
  • Common DNS Misunderstandings
  • Views (Split-DNS)
  • Empty Zones (Preventing Unanswerable Queries from Your Resolver)
  • BIND's ACLs (Access Control Lists)
  • Cryptography in DNS
  • Transaction Signatures (TSIGs)
  • NOTIFY and IXFR (Incremental Zone Transfer)
  • Dynamic DNS (DDNS)
  • BIND's DDNS Tool: nsupdate
  • BIND's rndc commands for DDNS
  • 'dig'ing Deeper
  • Automatic Zone Provisioning in BIND (Catalog Zones)
  • BIND Prefetch
  • EDNS (Extended DNS) and the OPT Pseudo Record Type
  • The Practical Uses of the Chaos Class
  • Firewall Knowledge & Configuration for DNS
  • Risks, Threats, Attacks, and Security in DNS
  • The Fundamentals of DNSSEC (DNS SECurity)
  • DNSSEC Key types, The Chain of Trust
  • DNSSEC Resource Record Types (minimally the following are covered: RRSIG, DNSKEY, DS, NSEC)
  • Implementing a DNSSEC Validating BIND Resolving Server
  • BIND cryptography tools: rndc-confgen, ddns-confgen, dnssec-keygen
  • BIND Configuration for All Course Topics

Note about content: In some courses, due to time required for other topics and participants' interests, a topic or two may be reduced or skipped. The decision is made by the instructor with input from the participants.

Note about DNSSEC: Our three-day DNSSEC & BIND course (DNSSECB) goes much further in depth on DNSSEC, and it covers far more DNSSEC topics. For example, DNSB-W does not cover running a DNSSEC authoritative server, and nothing about administering DNSSEC keys.

Prerequisites (recommended)

The labs require working on the command-line in a Linux shell. Without familiarity with basics such as cd, ls, cp, cat, and using a text editor, a participant will face difficulties. While shell experience is strongly recommended, advanced command-line skills are not needed. For the text editor, working with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.

Material Requirements

A participant must bring a computer with an Ethernet port, a keyboard, and an SSH client. (PuTTY is an example of an SSH client for Windows). The laptop cannot be so extremely mis-configured that it will not get an IPv4 address with DHCP. Please note the Ethernet port requirement as some laptops require an adapter for Ethernet. A computer without a physical keyboard, for example a tablet, will be a significance hindrance, is not recommended, and will additionally fail to meet the Ethernet port requirement.

DNS & BIND Training

This is DNS & BIND training, Men & Mice products are not included in the course. If Men & Mice Suite training is required, options are available.

Cost / Duration / Course Book and Lab Guide (only for Public training classes)

  • $4490 (USD) (Public course include vouchers for TWO free certification exam attempts, and lunch each day. The vouchers are valid for one year.)
  • Five-days
  • Official ISC Training Material


Register for a Public Course Request a Quote for On-Site Training

Cancellation policy

Please read our Cancellation policy

About Men & Mice Training

Men & Mice is the exclusive training partner of the ISC, which develops the most widely used DNS software, BIND.