Chapter 37. DNS (Topic 2.207)

This Topic is dedicated to Domain Name System (DNS) servers. DNS is the service responsible for managing the conversion of host and domain names to and from their corresponding IP addresses. The server that does this on Linux and Unix is usually called named (pronounced "name-dee," because it stands for "name daemon"). This server is a part of the Berkeley Internet Name Domain (BIND) package used on more than 85% of all DNS servers in the world.

This Topic contains 3 Objectives:

Objective 1: Basic DNS Server Configuration

The candidate should be able to configure BIND to function as a caching-only DNS server. This Objective includes the ability to convert a BIND 4.9 named.boot file to the BIND 8.x named.conf format and reload the service using kill or ndc. This Objective also includes configuring logging and options such as directory location for zone files. Weight: 2.

Objective 2: Create and Maintain DNS Zones

The candidate should be able to create a zone file for a forward or reverse zone or root-level server. This Objective includes setting appropriate values for the SOA resource record, NS records, and MX records. Also included are adding hosts with A resource records and adding the zone to the /etc/named.conf file using the zone statement with appropriate type, file, and masters values. A candidate should also be able to delegate a zone to another DNS server. Weight: 3.

Objective 3: Securing a DNS Server

The candidate should be able to configure BIND to run as a nonroot user and configure BIND to run in a chroot jail. This objective includes configuring DNSSEC statements such as keys to prevent domain spoofing. Also included is the ability to split DNS configuration using the forwarders statement, and specifying a nonstandard version number string in response to queries. Weight: 3.