open secondary menu close secondary menu

COURSE Description

DNS & BIND Week is our most popular course. It is ideal for anyone starting out. It is most commonly attended by those with previous DNS knowledge, and by administrators with BIND experience.

Nothing is taken for granted, and the labs begin by downloading, compiling, and installing BIND. Each student creates BIND configuration from scratch for authoritative and recursive servers. They create zone files from scratch for an authoritative masters. DNS tools such as, dig,rndc, named-checkconf, & named-checkzone, are taught in depth and used extensively in the labs. Those with previous DNS and BIND skills report that the start of the course, which assumes nothing, fills in knowledge gaps, corrects misconceptions, and that it moves on to unknown topics and new material. Men & Mice courses are hands-on, full of laboratory exercises.

Recently, we have added four new sections on DNS Cookies, Response Policy Zones (RPZ), Response Rate Limiting (RRL) and dnstap. Many new labs have been added, including several problem solving and debugging labs along with additional quizzes.

DNS & BIND Week can be taken as two independent courses, DNS & BIND Fundamentals (DNSB-F) and DNS & BIND Advanced (DNSB-A). However, DNSB-W comes at a discount of $150 off the price of the individual courses, and is recommended for most participants.

While, implementation details are specific to BIND, the course's theory, and the practical skills gained in the labs, are applicable to all DNS systems.

This course was previously known as: Introduction & Advanced DNS and BIND Topics Hands-on

Topics include

  • The DNS Namespace (Basic DNS Theory)
  • Domain Names, Labels and Nodes
  • The root, TLDs, and Lower Level Domains
  • Zones and Zone Types
  • Delegation
  • Name Resolution and Referrals
  • The DNS Message (DNS Data)
  • Name Servers: Authoritative Masters, Authoritative Slaves, RDNS (Recursive Resolvers)
  • Caching & Negative-Caching
  • Stub Resolvers
  • Forwarding, Forward Zones, and Stub Zones
  • Master File Format, Shortcuts, & Directives
  • Registrants, Registrars, Registries, Registry Operators
  • Classes, Resource Record Types, & Resource Records
    (minimally, the following are covered in detail: SOA, NS, A, AAAA, MX, SRV, TXT, PTR, CNAME)
  • Pseudo Resource Records (e.g. ANY, AXFR, IXFR, OPT, TSIG, etc)
  • Setting Up & Accessing Remote Name Servers
  • Downloading, Compiling and Installing BIND
  • BIND Configuration Files (minimally):
    named.conf, rndc.conf, rndc.keys, bind.keys
  • BIND Management Tools (minimally):
    named-checkconf,named-checkzone, rndc, nsupdate, rndc-confgen, tsig-keygen
  • Generating & Reading BIND Log Files
    dig, its Output, & the problems with nslookup
  • DNS Debugging & BIND Debugging
  • Dynamic DNS (DDNS), NOTIFY, & Incremental Zone Transfers
  • Extended DNS (EDNS)
  • dnstap (Advanced Query & Response Logging)
  • Catalog Zones(Automatic Zone Provisioning)
  • Security: DNS Threats, Risks, Attacks, and Mitigation
    (e.g. Spoofed Responses, Spoofed IPs, Reflection, Amplification, DDoS, Cache Poisoning, Hijacking, etc)
  • Security: Cryptography in DNS (Symmetric / Asymmetric)
  • Security: Response Policy Zones (RPZ)
  • Security: Response Rate Limiting
  • Security: DNS Cookies
  • Security: Transaction Signatures
  • Security: Address Match Lists & Access Control Lists (ACLs)
  • Security: Implementing a DNSSEC Validating BIND Resolving Server
  • Security: Proper Firewall Configuration for DNS
  • Security: Minimal ANY
  • Security: DNSSEC (DNS SECurity) Introduction
    NOTE: DNSSEC is covered in-depth in the course: DNSSEC & BIND (DNSECB)
  • Views (Split-DNS)
  • DNAME
  • RDNS: Empty Zones (Preventing Unanswerable Queries)
  • RDNS: BIND Authoritative Selection
  • RDNS: BIND Prefetch
  • The CHAOS Class & its Practical Uses
  • Common DNS Misunderstandings
  • BIND Configuration for Course Topics

Note: In some courses, due to time required for other topics and participants' interests, a topic may be reduced or skipped, or another added (e.g. DNS & IPv6 Fragmentation, DNS Geolocation, or Administrator Defined Resource Records). The decision is made by the instructor with input from the participants.

Prerequisites (recommended)

The labs require working on the command-line in a Linux shell. Without familiarity with basics such as cd, ls, cp, cat, and using a text editor, a participant will face difficulties. While experience is strongly recommended, advanced command-line skills are not needed. For the text editor, working with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.

Material Requirements

A participant must bring a computer with an Ethernet port, a keyboard, and an SSH client. (PuTTY is an example of an SSH client for Windows). The laptop must be able to get an IPv4 address with DHCP over the port. Please note the Ethernet port requirement, as some laptops require an adapter for Ethernet. A computer without a physical keyboard, for example a tablet, is not recommended, and will additionally fail to meet the Ethernet port requirement.

DNS & BIND Training

This is DNS & BIND training, Men & Mice products are not included in the course. If Men & Mice Suite training is required, options are available.

Cost / Duration / Course Book and Lab Guide (only for Public training classes)

  • $4490 (USD) (Public course include vouchers for TWO free certification exam attempts, and lunch each day. The vouchers are valid for one year.)
  • Five-days
  • Official ISC Training Material

Cancellation policy

Please read our Cancellation policy

About Men & Mice Training

Men & Mice is the exclusive training partner of the ISC, which develops the most widely used DNS software, BIND.

Registration

Register for a Public Course Request a Quote for On-Site Training Register for certification exam