Difference between revisions of "OPS535 Advanced DNS"

Latest revision as of 23:55, 23 March 2018

DNS Logging
- logging Statement Definition and Usage

Sample:
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };

Dynamic DNS
- Dynamic Zone - Allow-update
- Dynamic DNS update using nsupdate

Man Page:
         nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.

TSIG - Transaction SIGnatures
- BIND primarily supports TSIG for server to server communication.
- TSIG can also be useful for dynamic update.The nsupdate program supports TSIG via the -k and -y command line options or inline by use of the key.
DNSSEC
- Cryptographic authentication of DNS information is possible through the DNS Security (DNSSEC-bis) extensions, defined in RFC 4033, RFC 4034, and RFC 4035.
- Securing DNS with DNSSEC
- DNSSEC Guide

@@ Line 1: / Line 1: @@
+[[Category:OPS535]]
 * DNS Logging
+** logging Statement Definition and Usage
+<pre>
+Sample:
+    logging {
+            channel default_debug {
+                    file "data/named.run";
+                    severity dynamic;
+            };
+    };
+</pre>
 * Dynamic DNS
@@ Line 13: / Line 24: @@
 * DNSSEC
 ** Cryptographic authentication of DNS information is possible through the DNS Security (DNSSEC-bis) extensions, defined in RFC 4033, RFC 4034, and RFC 4035.
+** [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_dns_traffic_with_dnssec Securing DNS with DNSSEC]
+** [https://ftp.isc.org/isc/dnssec-guide/dnssec-guide.pdf DNSSEC Guide]

CDOT Wiki β

Difference between revisions of "OPS535 Advanced DNS"

Latest revision as of 23:55, 23 March 2018

CDOT Wiki ^β