Book Reviews

The following book reviews are the copyright of their respective authors and no part should be reproduced without the express permission of the author. Publishers and Authors of the books reviewed may reproduce the whole or extracts of a review for their book. To request copyright permission please email webmaster@birmingham.pm.org.

All the reviews herein are the opinions of the reviewer and are not necessarily the views of Birmingham Perl Mongers and its members. If you feel a review or comment has been made in error, please contact webmaster@birmingham.pm.org to rectify the situation.

Network/Security Books

Static Link: http://birmingham.pm.org/reviews/30

 
DNS and BIND (4th Edition)
Title: DNS and BIND (4th Edition)
Author(s): Paul Albitz, Cricket Liu
ISBN: 0-596-00158-4
Publisher: O'Reilly Media
Reviewer: Barbie

I've recently had to read DNS & BIND for work, and thought I might as well write a review of it.

There is a lot of history with DNS, particularly as it was what enabled the Internet, as we know it today, to grow to what it is. This book begins by introducing us to some of that history and if you haven't heard it before, it does make interesting reading. The initial attempts to reference a computer or network are still in evidence today, via the /etc/hosts (or equivalent path for other operating systems) "hosts" file. This simple file enabled the initial computers to all talk to each other. However, with the implementation we have today, this wasn't practical. Each network or computer doesn't need to know about every other network and computer connected to the Internet, only what it's associated to. Hence the DNS, Domain Name Space, was created.

In understanding the DNS makeup, it's worth reading the RFCs that are associated with it. They are referenced in the book and Chapter 2, "How Does DNS Work?", goes a long way to explaining them, but it is still worth taking time to read them in full. The relevant documents are RFC 1034 (http://www.faqs.org/rfcs/rfc1034.html) and RFC 1035 (http://www.faqs.org/rfcs/rfc1035.html). There is much to comprehend, but as it is vital to understanding how the interfaces are structured, it may be necessary to reread these early chapters.

One thing Chapter 2 highlighted for me was that .gb as a TLD is still reserved for Great Britain, even though I haven't been aware you could buy a domain with it. Maybe we're just special :)

Several glossary terms later (TTL, Class, Resource Records, Name Servers, Zones, Resolvers ...) we reach the end of Chapter 2. It certainly packs a lot of information into one chapter, but the authors do make great attempts to explain everything in an easy to follow manner.

From here on in you really need to understand the previous chapter. Many of the terms explained there are constantly used throughout the rest of the book. Chapter 3, Where Do I Start?, initially talks through downloading BIND and some useful websites and mailing lists. Once you've got BIND, you'll need to look into registering a domain. The second half of the chapter looks at how to use the WHOIS service and nslookup program.

Now our journey really begins into BIND territory. Beware dragons!

Chapter 4, Setting Up BIND, concerns itself with all that is necessary to get BIND up and running. There is a lot to configure and the book does make great efforts to explain the whys and wherefores. I haven't had to set up BIND, but I think I could manage it having read this. Typical of the book's style, the step-by-step guides are carefully laid out. Bear in mind that this is a basic installation, and will require tweaking to fit your requirements; however, this is what the remaining chapters are for.

Chapter 5, DNS and Electronic Mail, looks at how the resource records are configured for use with mail exchangers for email and mailboxes. Chapter 6, Configuring Hosts, does the same for host names so the resolver can get what it wants. There are many vendor-specific anomalies listed too, even Windows.

The next two chapters, Maintaining BIND & Growing Your Domain, look at expanding the basic install and configuration, such as expanding the zone data files, the logging capabilities, adding more name servers and disaster recovery. Although the book has been updated for BIND 9, it does refer back to older versions, in particular BIND 8, so don't feel left out if you are currently running an older copy.

A domain can also have subdomains and chapter 9, Parenting, looks into setting up your host as a parent and your child hosts as subdomains, a large portion of which involves reconfiguring your zone data files. Quite usefully it also shows you how to remove your parent too. Following on from this is the Advanced Features in chapter 10, which looks into expanding even further the features of your DNS server.

Security, in chapter 11, is of high importance for anyone. A poorly or incorrectly configured system can potentially expose your domains and name servers. To highlight the issue I'll quote the story used in the opening lines of the chapter:

"In July 1997, during two periods of several days, users around the Internet who typed www.internic.net into their web browsers thinking they were going to the InterNIC's web site instead ended up at a web site belonging to the AlterNIC. (The AlterNIC runs an alternate set of root name servers that delegate to additional top-level domains with names like med and porn.) How'd it happen? Eugene Kashpureff, then affiliated with the AlterNIC, had run a program to "poison" the caches of major name servers around the world, making them believe that www.internic.net's address was actually the address of the AlterNIC web server."

The upshot is that someone could potentially redirect a legitimate request to another dubious server, which could be spoofing e-commerce type pages, where users, believing they are using the correct server pages, enter confidential information (such as credit card numbers). All because your name server has been compromised. Or perhaps think about your company website being redirected to a porn site.

The security chapter covers many aspects of securing your name servers and BIND, together with working with firewalls and cryptography. Worth reading, especially as it's been heavily expanded from previous editions of this book.

Next up a look at nslookup and dig. Generally these troubleshooting tools are there essentially to ensure that your name servers are acting the way you think they should. The chapter concentrates on nslookup, but does include details for dig too.

The next two chapters, Reading BIND Debugging Output & Troubleshooting DNS and BIND, are very much looking towards tracing problems that might occur with DNS and BIND. Hopefully you shouldn't need to read these chapters, but they do appear quite thorough should you need to.

Chapter 15, Programming with the Resolver and Name Server Library Routines, looks at how you can program some of your requirements, either in shell script, C or Perl.

The last chapter, titled Miscellaneous, as the authors state "ties up loose ends". There are a few extras and tricks of the trade bundled here that don't quite fit into any other chapter. A useful one being DNS wildcards.

The Appendices cover some useful information too, including extracts and explanations of RFC 1035, a list of TLDs (Top-Level Domains) and a few other handy items.

I've found this book to be very well written, with good clear examples, without getting overwhelmed by the complexity of it all. As I am new to this, much of the contents and explanations I have to take at face value, though seeing as this is now the fourth version, covering BIND 9, I would expect this to be virtually air tight. It can take a bit of rereading, but that's mainly due to me being a bit of a novice rather than any failing on the part of the authors.

If you have ever had any interest in or need to understand how DNS, BIND, Name Servers and/or Resolvers work, or what Resource Records mean, then this is definitely the book to read.