Difference between revisions of "OPS535 Advanced DNS"
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Category:OPS535]] | ||
* DNS Logging | * DNS Logging | ||
+ | ** logging Statement Definition and Usage | ||
+ | <pre> | ||
+ | Sample: | ||
+ | logging { | ||
+ | channel default_debug { | ||
+ | file "data/named.run"; | ||
+ | severity dynamic; | ||
+ | }; | ||
+ | }; | ||
+ | </pre> | ||
* Dynamic DNS | * Dynamic DNS | ||
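Review bot: in the added <pre> block the "Sample:" label sits inside the preformatted text, so it renders as if it were part of named.conf; move it above <pre>. As shown here the channel body is also unindented, so indent it to make the nesting of logging { channel { ... }; }; visible, and say that the relative path in file is resolved against named's working directory.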
Line 8: | Line 19: | ||
nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record. | nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record. | ||
</pre> | </pre> | ||
+ | * TSIG - Transaction SIGnatures | ||
+ | ** BIND primarily supports TSIG for server to server communication. | ||
+ | ** TSIG can also be useful for dynamic update.The nsupdate program supports TSIG via the -k and -y command line options or inline by use of the key. | ||
* DNSSEC | * DNSSEC | ||
+ | ** Cryptographic authentication of DNS information is possible through the DNS Security (DNSSEC-bis) extensions, defined in RFC 4033, RFC 4034, and RFC 4035. | ||
+ | ** [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_dns_traffic_with_dnssec Securing DNS with DNSSEC] | ||
+ | ** [https://ftp.isc.org/isc/dnssec-guide/dnssec-guide.pdf DNSSEC Guide] |
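Review bot: the second TSIG bullet is missing a space in "update.The" and stops at "by use of the key", which reads as cut off; finish that sentence. Since the bullet lists -y alongside -k, add that -y puts the shared secret on the command line, where it can show up in process listings and shell history, so -k with a key file is the safer choice.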
Latest revision as of 23:55, 23 March 2018
- DNS Logging
  - logging Statement Definition and Usage

    Sample:

        logging {
            channel default_debug {
                file "data/named.run";
                severity dynamic;
            };
        };
- Dynamic DNS
  - Dynamic Zone - Allow-update
  - Dynamic DNS update using nsupdate

    Man Page: nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
- TSIG - Transaction SIGnatures
  - BIND primarily supports TSIG for server-to-server communication.
  - TSIG can also be useful for dynamic update. The nsupdate program supports TSIG via the -k and -y command line options or inline by use of the key.
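- DNSSEC
  - Cryptographic authentication of DNS information is possible through the DNS Security (DNSSEC-bis) extensions, defined in RFC 4033, RFC 4034, and RFC 4035.
  - Securing DNS with DNSSEC (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_dns_traffic_with_dnssec)
  - DNSSEC Guide (https://ftp.isc.org/isc/dnssec-guide/dnssec-guide.pdf)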
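
The Dynamic DNS and TSIG items above, put together as an added example (not taken from the course page or from BIND's documentation): shell functions that write a TSIG key file, a zone statement whose allow-update accepts only updates signed with that key, and an nsupdate batch for use with -k. The key name, zone, addresses and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. ddns-key, example.com, 192.0.2.x and the file names are
# constructed placeholders, not values from the course page.

# Write a BIND key file holding a fresh 256-bit HMAC-SHA256 secret.
# named (via include) and nsupdate -k read the same file; it is made
# owner-only because anyone who can read it can sign updates.
make_tsig_key() {   # usage: make_tsig_key NAME FILE
    secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    ( umask 077
      printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
          "$1" "$secret" > "$2"
      chmod 600 "$2" )
}

# Zone statement that accepts RFC 2136 updates only when they are
# TSIG-signed with the named key, rather than trusting source addresses.
zone_stanza() {     # usage: zone_stanza ZONE KEYNAME
    cat <<EOF
zone "$1" {
    type master;
    file "dynamic/$1.db";
    allow-update { key "$2"; };
};
EOF
}

# nsupdate batch: a single request that replaces a host's A record.
update_batch() {    # usage: update_batch SERVER ZONE HOST ADDR
    cat <<EOF
server $1
zone $2
update delete $3.$2. A
update add $3.$2. 300 A $4
send
EOF
}

# Typical use (nsupdate itself is not run by this script):
#   make_tsig_key ddns-key ddns.key
#   zone_stanza example.com ddns-key >> named.conf  # plus: include "ddns.key";
#   update_batch 192.0.2.53 example.com www 192.0.2.10 > batch.txt
#   nsupdate -k ddns.key batch.txt
```

Passing the key file with -k keeps the secret out of the command line, which -y does not.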