Managing Mission-Critical Domains and DNS
Demystifying nameservers, DNS, and domain names
Mark E. Jeftovic
- 368 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
About This Book
This book will give you an all-encompassing view of the domain name ecosystem combined with a comprehensive set of operations strategies.

- Manage infrastructure, risk, and management of DNS name servers. Get hands-on with factors like types of name servers, DNS queries, and so on.
- Practical guide for system administrators to manage mission-critical servers.
- Based on real-world experience: written by an industry veteran who has made every possible mistake within this field.

Who This Book Is For
Ideal for sysadmins, webmasters, IT consultants, and developers: anyone responsible for maintaining your organization's core DNS.

What You Will Learn
- Anatomy of a domain - how a domain is the sum of both its DNS zone and its registration data, and why that matters.
- The domain name ecosystem - the role of registries, registrars and oversight bodies and their effect on your names.
- How DNS queries work - queries and responses are examined, including debugging techniques to zero in on problems.
- Nameserver considerations - alternative nameserver daemons, numbering considerations, and deployment architectures.
- DNS use cases - the right way for basic operations such as domain transfers, large scale migrations, GeoDNS, Anycast DNS.
- Securing your domains - all aspects of security from registrar vendor selection, to DNSSEC and DDoS mitigation strategies.

In Detail
Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book goes beyond looking at "how to run a name server" or "how to DNSSEC sign a domain". Managing Mission Critical Domains & DNS looks across the entire spectrum of naming, from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS.

The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end-to-end understanding of all the aspects covered in DNS name servers.

Style and approach
The book is divided into two parts. The first part looks at the wider domain name ecosystem: registries, registrars and oversight policies. The second and larger part goes into operations. Every aspect of naming is considered from the viewpoint of how it affects one's domains and what the ramifications of different operating methods are as portfolios scale.
DNS Operations and Use Cases
- Transferring domain names
- Changing a domain registrant
- Moving nameservers (redelegations)
- Redelegating DNSSEC-signed domains
- Registrar transfers
- Adding additional nameservers
- Moving to new nameservers
- Moving entire portfolios of domains to new nameservers
- Round-robin DNS
- Load balancing/global weighted load balancing
- DNS failover
- Dynamic DNS
- Geo DNS
- Zone apex aliasing
- Reverse DNS and Netblock subdelegations
- Implementing SPF, DKIM, and DMARC
Transferring domain names
- Changing the owner or registrant of a domain name from one entity to another (Change of registrant)
- Moving a domain from one registrar to another (Registrar transfer)
- Changing the nameserver delegation of a domain name (nameserver redelegation, Change of Operator or even DNS Transfer, the last of which can easily be confused with AXFR or IXFR zone transfers)
- Moving a domain name between user accounts within a registrar, web provider, managed DNS provider or similar (domain push or account push)
Change of registrant
- The current registrant navigates to their registrar control panel for the domain and makes the edit (usually in the Whois or Domain Contact or Domain Information sections of their domain).
- The change assumes a pending state, and a confirmation is sent out-of-band to the current registrant and the proposed new registrant.
- Both the current and the new Registrant explicitly acknowledge and accept the change.
Nameserver redelegations
- Changing the delegation and changing the primary master for the domain
- Changing the delegation while preserving the primary master for the domain
- Set up new master nameserver, modify the NS RRset to reflect the new/incoming nameserver delegation.
- Set up the new secondaries as slaving their zone from the new master.
- Change the delegation for the zone at the Registry of the zone's TLD.
- Leave the old nameservers up to answer queries for at least as long as the greater of a) the TTL for the NS RRSET or b) the TTL of the zone apex (while optionally setting up the old nameservers to slave from the new master).
- Decommission the zone on the old nameservers and master.
- Set up the zone on the new nameservers.
- Add your new nameserver NS RRs to your zone's existing NS.
- Update the nameserver delegation in the parent zone (usually parent TLD); this includes removing the old nameservers from the delegation.
- After NS RRSET TTL expires for the old nameservers, remove their NS records from your zone.
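
The wait described in both step lists above (keep the old nameservers answering for the greater of the NS RRset TTL and the zone apex TTL) can be checked before decommissioning. The following is an added example, not code from the book: the zone, nameserver names and record data are constructed, and "TTL of the zone apex" is assumed to mean the largest TTL on any other record at the apex as the old servers published it.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data in "dig +noall +answer" layout (example.com and the
# old/new nameserver names are hypothetical).
OLD_APEX = """\
example.com. 86400  IN NS  ns1.old.example.net.
example.com. 86400  IN NS  ns2.old.example.net.
example.com. 172800 IN MX  10 mail.example.com.
"""   # apex records as the old servers published them before the change
PARENT = """\
example.com. 172800 IN NS ns1.new.example.net.
example.com. 172800 IN NS ns2.new.example.net.
"""   # delegation as answered by the TLD servers
NEW_APEX = """\
example.com. 86400 IN NS ns1.new.example.net.
example.com. 86400 IN NS ns2.new.example.net.
"""   # NS RRset as answered by the new servers

def parse(text):
    """Return (name, ttl, type, rdata) tuples from 'name TTL IN TYPE rdata' lines."""
    rows = (line.split(None, 4) for line in text.strip().splitlines())
    return [(n.lower(), int(ttl), t.upper(), rd.strip().lower()) for n, ttl, _, t, rd in rows]

def ns_names(rrs, zone):
    return {rd for n, _, t, rd in rrs if n == zone and t == "NS"}

def hold_down(old_rrs, zone):
    """Greater of the old NS RRset TTL and the largest other apex TTL, in seconds."""
    ns_ttl = max(ttl for n, ttl, t, _ in old_rrs if n == zone and t == "NS")
    apex_ttl = max((ttl for n, ttl, t, _ in old_rrs if n == zone and t != "NS"), default=0)
    return max(ns_ttl, apex_ttl)

def decommission_check(zone, old_apex, parent, new_apex, changed_at, now):
    """Return (earliest safe time, list of reasons the old servers must stay up)."""
    old_rrs = parse(old_apex)
    old_ns = ns_names(old_rrs, zone)
    delegated, published = ns_names(parse(parent), zone), ns_names(parse(new_apex), zone)
    problems = []
    if delegated & old_ns:
        problems.append("parent still delegates to an old nameserver")
    if published & old_ns:
        problems.append("zone NS RRset still lists an old nameserver")
    if delegated != published:
        problems.append("parent delegation and zone NS RRset differ")
    safe_at = changed_at + timedelta(seconds=hold_down(old_rrs, zone))
    if now < safe_at:
        problems.append(f"cached answers may persist until {safe_at.isoformat()}")
    return safe_at, problems
```

Call `decommission_check` with the time the registry delegation changed and the current time; an empty problem list means the old servers have served out every TTL they handed to caches and the delegation and zone agree.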
Redelegating DNSSEC-signed domains
- Gaining generates new ZSK, KSK, and DS records
- Losing publishes both new and old ZSKs in the current zone
- Losing signs the zone containing both ZSKs
- Gaining obtains Losing's ZSK and KSK
- Gaining signs the zone containing Losing's ZSK
- Gaining signs both ZSKs with its own KSKs
- New DS record into the parent zone/TLD
- Nameservers redelegated
- Both sets of nameservers operate past length of TTL
- After TTL elapses, Gaining may drop Losing KSK and ZSK and resign zone