Preventing Vexation and Woe: DNS Fundamentals, Part 2

DNS makes the Internet world go 'round. Carla Schroder takes a look at how DNS works on the server side in the second article of her two-part tutorial on DNS fundamentals.

By Carla Schroder | Feb 4, 2003

In Part 1 of our tutorial on DNS fundamentals, we looked at what happens on the client side of DNS. Today we leap into managing DNS on the server side.

Running your own DNS server offers greater control and flexibility. I want to emphasize the importance of being careful when running a public DNS server. Please be sure you know what you are doing and are willing to do what it takes to manage it competently. Any connected machine has the potential to spread havoc far and wide.

Note that it isn't necessary to run a DNS server to manage your own DNS, as there are all kinds of third-party DNS services available. They bear the headaches of keeping the machines running -- all the customer needs to know is how to enter their own configurations.

When studying DNS, you'll notice that teaching materials and training courses are very BIND-centric. While standards are supposed to be application- and platform-agnostic, horrid BIND hacks such as TSIG, IXFR, and NOTIFY have somehow wormed their way into DNS standards. Admins who choose DNS servers other than BIND must pay extra-close attention to their documentation. To quote my favorite guru, Ed Sawicki of Alcpress.com:

"The djbdns folks think it's silly to use these BIND-specific mechanisms when we already have excellent general purpose protocols and software to do these things. If you want to move zone files between computers -- and the files might be large -- you can use rsync, which only moves changes. If you're concerned that these file transfers should be secure, run rsync on top of SSL. If you want to be sure you're sending a zone file to a legitimate secondary and you're not being spoofed, configure your firewall and, optionally, use certificates."

djbdns is a collection of DNS-management programs, including tinydns (the name server) and dnscache (the caching component). In my opinion, djbdns is preferable in every way -- it's small, fast, stable, scalable, and secure. See Resources for further discussions of the technical merits of BIND and djbdns. The examples on the following pages use tinydns syntax.
