Every time you get e-mail, every time you access a web page, you use the Domain Name System (DNS). In fact, over 2 billion such requests hit the DNS root-servers alone every day. Every one of those 2 billion requests originate from a DNS that supports a group of local users, and every one of them is finally answered by a DNS server that may support a high-volume commercial web site or a modest, but much loved, family web site. This book is about understanding, configuring, diagnosing, and securing the DNS servers that do the vital work. Many years ago when I set up my first pair of DNS servers, I wasted my time looking for some practical advice and some sensible description of the theory involved. I found neither. I completed the DNS rite-of-passage—this book was born from that experience.
DNS is a complex subject, but it is also unnecessarily cloaked in mystery and mythology. This book, I hope, is a sensible blend of practical advice and theory. You can treat it as a simple paint-by-numbers guide to everything from a simple caching DNS to the most complex secure DNS (DNSSEC) implementations. But the background information is there for those times when you not only need to know what to do, but you also need to know why you are doing it, and how you can modify the process to meet your unique needs.
When the first edition of the book was written, we were on the cusp of a major change in DNS technology—the paint had not quite dried yet on the newly published DNSSEC standards. It is no exaggeration to say that even we who live in close proximity to DNS have been staggered by just how radical a change was brought about by those standards. In part this derives from the increasing focus on general Internet security, but it also comes from the recognition of the fundamental role DNS plays in enabling the Internet.
Among many unanswered questions for the future is, once the DNS is secure, what form and type of information may be safely added to DNS zones? The obvious follow-up question that immediately springs from such speculation is what functionality will be demanded of DNS software? We have already seen increasing specialization, clear separation of the roles of authoritative DNS and resolvers, to name one development, and alternative data sources for zone data such as databases and IP provisioning systems, to name another. But all continue to provide classic DNS look-up functionality. In this respect BIND 10 represents a new and radical approach, not just to the issues of functional separation and alternative data source, though these are provided, but in employing a modular and component-like architecture BIND 10 allows us to contemplate a very different way in which DNS may be used within a rapidly evolving Internet.