Sebastopol, CA--Most Internet users surf the Web and send email with scarcely a thought of DNS, the Domain Name System. Yet DNS and BIND are the fundamental building blocks of the Internet as we use it. DNS handles mapping between hostnames, which we humans find convenient to remember, and Internet addresses, which computers deal with. DNS is, in fact, the standard mechanism for advertising and accessing all kinds of information about hosts, not just addresses, and making it available all over the Internet. DNS may be transparent to users, but establishing and maintaining a workable DNS configuration is an increasingly complex task with which system administrators wrestle regularly.
"DNS is being used for many more applications than in the past," observes Cricket Liu, coauthor with Paul Albitz of the new edition of DNS and BIND (O'Reilly, US $49.99) "With ENUM (electronic numbering), DNS is used by voice-over-IP gear. With SPF (the Sender Policy Framework), mailers look up information in DNS to check for mail spoofing. This makes DNS more critical than ever, and a target for hackers," says Liu. "To handle these additional applications and increased threats, DNS has had to be extended, adding cryptographic security, for example."
These topics and others are covered in the new edition of DNS and BIND. Security is necessarily one of the topics covered exhaustively in the book. Liu points out that "as we've come to rely more on DNS, we've also seen name servers on the Internet targeted by hackers more and more. In previous editions of the book, we described how to secure name servers, but I think most readers felt the likelihood of their name servers coming under attack was remote. Today, I think it's actually fairly likely," he says.
"There's been a recent spate of DNS amplification attacks in the news," Liu adds. "It's incumbent on the administrators of Internet name servers to guard against these by limiting access top recursion, which we cover in a chapter called 'Security.'"
Authors Liu and Albitz are among the world's foremost experts on DNS and BIND. Their book, now in its fifth edition, has long been considered the de facto bible on the subject and essential reading for any network or system administrator involved with DNS. The new edition covers BIND 9.3.2, the most recent release of the BIND 9 series, as well as BIND 8.4.7. BIND 9.3.2 contains further improvements in security and IPv6 support, and important new features such as internationalized domain names, ENUM, and SPF. Beginning with an introduction to DNS and what it does, the book guides administrators through all aspects of setting up, configuring, and working with the distributed host information database. Other topics include using MX records to route mail, subdividing domains (parenting), the DNS Security Extensions (DNSSEC) and Transaction Signatures (TSIG), dynamic updates, troubleshooting, and DNS programming using the resolver library and Perl's Net::DNS module. Anyone who works with DNS regularly or wants to be more informed about the Internet and how it works is sure to want a copy of this book close at hand.
Additional Resources:
- More information about the book, including table of contents, index, author bios, and samples
- A cover graphic in JPEG format
DNS and BIND, Fifth Edition
Cricket Liu and Paul Albitz
ISBN: 0-596-10057-4, 616 pages, $49.99 US
order@oreilly.com
1-800-998-9938; 1-707-827-7000
About O’Reilly
O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.