Difference between revisions of "OPS535 Advanced DNS"

From CDOT Wiki
Jump to: navigation, search
(Created page with "* DNS Logging * Dynamic DNS ** Dynamic Zone - Allow-update ** nsupdate - man page <pre> nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a nam...")
 
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
[[Category:OPS535]]
 
* DNS Logging
 
* DNS Logging
 +
** logging Statement Definition and Usage
 +
<pre>
 +
Sample:
 +
    logging {
 +
            channel default_debug {
 +
                    file "data/named.run";
 +
                    severity dynamic;
 +
            };
 +
    };
 +
</pre>
  
 
* Dynamic DNS
 
* Dynamic DNS
 
** Dynamic Zone - Allow-update
 
** Dynamic Zone - Allow-update
** nsupdate - man page
+
** Dynamic DNS update using nsupdate  
 
<pre>
 
<pre>
nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
+
Man Page:
 +
        nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
 
</pre>
 
</pre>
 +
* TSIG - Transaction SIGnatures
 +
** BIND primarily supports TSIG for server to server communication.
 +
** TSIG can also be useful for dynamic update.The nsupdate program supports TSIG via the -k and -y command line options or inline by use of the key.
 
* DNSSEC
 
* DNSSEC
 +
** Cryptographic authentication of DNS information is possible through the DNS Security (DNSSEC-bis) extensions, defined in RFC 4033, RFC 4034, and RFC 4035.
 +
** [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_dns_traffic_with_dnssec Securing DNS with DNSSEC]
 +
** [https://ftp.isc.org/isc/dnssec-guide/dnssec-guide.pdf DNSSEC Guide]

Latest revision as of 23:55, 23 March 2018

  • DNS Logging
    • logging Statement Definition and Usage
Sample:
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
  • Dynamic DNS
    • Dynamic Zone - Allow-update
    • Dynamic DNS update using nsupdate
Man Page:
         nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
  • TSIG - Transaction SIGnatures
    • BIND primarily supports TSIG for server to server communication.
    • TSIG can also be useful for dynamic update.The nsupdate program supports TSIG via the -k and -y command line options or inline by use of the key.
  • DNSSEC
    • Cryptographic authentication of DNS information is possible through the DNS Security (DNSSEC-bis) extensions, defined in RFC 4033, RFC 4034, and RFC 4035.
    • Securing DNS with DNSSEC
    • DNSSEC Guide