DNS Administration¶
A comprehensive guide to DNS - from how name resolution actually works to running authoritative servers, signing zones with DNSSEC, and designing resilient architectures. These guides take you from "I can query DNS" to understanding the system deeply enough to build and operate it.
Each topic is covered in its own guide. Start anywhere - they're self-contained, but the order below follows a natural learning path.
Guides¶
What DNS actually is, how the hierarchy works from root servers to your browser, and how resolution happens step by step.
The anatomy of a zone file and every record type you'll encounter in practice. Covers SOA, A/AAAA, CNAME, MX, NS, TXT, PTR, SRV, and CAA.
The essential toolkit for querying and debugging DNS. Covers dig, drill, delv, host, nslookup, and systematic troubleshooting playbooks.
The reference DNS implementation. Covers caching resolvers, authoritative servers, primary/secondary with TSIG, views, and rndc operations.
NLnet Labs' split-role approach - NSD for authoritative serving, Unbound for recursive resolution. Covers running them together.
Database-backed DNS with a built-in HTTP API. Covers MySQL and SQLite backends, REST API zone management, and the recursor.
Cryptographic DNS authentication. Covers the trust chain, key management, signing zones with BIND/NSD/PowerDNS, and debugging validation failures.
Designing resilient DNS infrastructure. Covers zone transfers, hidden primaries, split-horizon, anycast, email DNS, and migration patterns.