Questions and answers

1. Domain Name Server

1.1.

What is the difference between a caching-only name server and a normal one?

A caching-only name server does not serve out zones, except for a few internal ones.

Caching-only name server

1.2.

Does the option forward in the named.conf file operate without further configuration?

No. For it to work, filling in the forwarders option is also required.

Use a list of forwarders

1.3.

Which syntax is used in BIND to route various types of data to the logging output channels?

The category type command is used in the logging statement. It is followed by the output channel of choice, e.g.: { default_syslog; }.

The category command

1.4.

What is @ called when used inside a zone file?

The @ refers to the current origin, which is defined in named.conf.

The use of @ in zone file

1.5.

In which manner would you prompt the name server to reload its configuration and zone files?

The command to be used is rndc reload.

Reloading the nameserver configuration

1.6.

For which type of DNS servers is a special zone defined using the type hint?

For the root servers. These are listed in the root zone (zone ".") and statically defined as hints (type hint;). These are the starting point for looking up addresses.

Hints file

1.7.

The SOA record in a zone file contains - among others - a serial number. Is there a required format for this serial number?

Yes, but only in the sense that it is a natural number. The serial number must be incremented (by at least one) each time something is changed in order for this change in the zone to be implemented. For a zone that never changes, a single 1 is enough. However, the format yyyymmddee is rather common.

Serial number

1.8.

What does the CNAME resource record do?

It specifies a named alias for a host with an A (address) record.

The CNAME record

1.9.

Name the purpose of a reversed zone when used by the host command.

To map an IP address to the corresponding hostname.

Reverse zone files

1.10.

How is a zone defined as master?

A zone is defined as master by using the type master statement within a zone definition.

Define a zone as master

1.11.

What two other DNS security strategies can be applied besides the obvious security by obscurity measures?

One is limiting the effects of an intrusion by running BIND with fewer privileges or by running it in a chroot environment or jail. The other is securing name server connections by signing responses sent by the name server.

Running BIND with less privileges or in a chroot jail

1.12.

Name at least two categories which are distinguished by the category command in the logging statement.

security, lame-servers, cname are all valid categories.

Some logging categories

1.13.

What could be wrong if the dig command, when used to test the reverse entry for a hostname, appends the current origin to the name?

The zone file might have an error, where there's no trailing dot appended to the hostname in the PTR record definition.

Assure Trailing dot in PTR

Copyright Snow B.V. The Netherlands