InfoSec Reviews – Pro DNS and BIND 10

Book Title: Pro DNS and BIND 10

Subtitle: A complete reference to DNS and BIND

Author: Ron Aitchison

Publisher: Apress

Date of Publishing: 2011

ISBN(13): 9781430230489

Price (UK & US non-discounted): £39.49, $49.99

Ebook Option: Amazon Kindle edition available £23.06; Apress also offers PDF version direct for $34.99

URL of Publisher Site: Apress

URL of Amazon UK web page: Pro DNS and BIND 10

URL of Amazon US web page: Amazon.com

I’ve been using BIND for almost twenty years, starting with BIND 4 on a SunOS 4.1.3 system that hosted the .co.uk zone, and working with BIND 8 and 9 on various platforms over the years. During that time I’ve always had the O’Reilly DNS and BIND book, by Cricket Liu and Paul Albitz, on my bookshelf. But the latest edition of DNS and BIND is five years old now, so I was excited to see a new DNS book – especially one that claims to cover BIND 10, the next generation of BIND that’s currently in development.Pro DNS and BIND 10 is a big book: it’s 692 pages long, 23.5cm x 19cm in size, and set in a small font size with minimal leading. It’s divided into three parts, which cover everything from the principles of DNS, through installation and security, to programming APIs and the structure of DNS packets. Given the breadth of material outlined in the table of contents and the wide intended audience of “beginner to advanced”, the size is understandable.The title implies that it covers BIND 10, so I was disappointed to find there are no details of BIND 10 at all. The introduction mentions that the original plan was to include BIND 10, but this was later changed. There are mentions of additional online material for BIND 10, but I didn’t find any links to this, and a quick web search didn’t turn anything up. It’s not good for a book entitled BIND 10 not to cover that version at all, and I think some readers may feel short-changed by this omission. There are still a few stray references to BIND 10, for example in chapter one it says BIND 10 is fully described in chapter 14, but chapter 14 is about something else entirely. This together with the book’s title makes it appear that the decision to remove the BIND 10 material was taken fairly late in the editing process.The first few chapters introduce technical DNS terms in ways that could be confusing for a beginner. For example, chapter one, “An Introduction to DNS”, starts by talking about “the physical address of a name server”. The use of the words “physical address” for a network-layer address is non-standard and could confuse. On the same page, it uses the old terminology of “primary” and “secondary” name servers (these terms were replaced with the more descriptive “master” and “slave” when BIND 8 was released in 1997), and goes on to talk about “tertiary” and “quaternary” name servers, which are not official terms at all, wrongly implying some sort of hierarchy of authoritative nameservers. It’s worth pointing out that the concepts of master and slave nameservers are covered in detail in chapter four (DNS Types), and the terms are explained correctly in that chapter.There’s more scope for confusion in chapter two, which contains an example zone file with two NS records. The text implies the first nameserver in the zone is the preferred nameserver with the second one only being queried if the first is unavailable. This is misleading as all NS records have equal importance.After this somewhat rocky start, the book starts to improve. Apart from a few minor errors, the content from chapter three onwards is generally good and accurate. It covers recent DNS developments in sufficient detail and has some useful real-world hints and tips as well detailed configuration examples.The book has two chapters on security: chapter 10, covering the various security options, and chapter 11 is devoted to DNSSEC. This is a good approach as it covers all aspects of DNS security without getting bogged down in the complexity of DNSSEC and also gives a thorough explanation of DNSSEC for those people who need to use it. Other books and references tend to focus either on DNSSEC to the exclusion of the other areas of security or to only give it a brief mention; so it’s refreshing to find a book that has a good balance.After the two security chapters, the book contains a couple of reference chapters on the BIND configuration file and zone files. These are in Part 3 of the book, which ostensibly covers DNS security, but they would be better placed in a separate section or in an appendix.

The book concludes with details of the BIND programming APIs and the format of DNS packets.

This is a large book that covers a lot of ground and contains a lot of detailed information. Its two main faults are the failure to cover BIND 10, and the occasionally confusing terms and explanations in the early chapters.

It’s a good book for someone who knows the basics of DNS and wants help with the details of configuring and securing a BIND 9 system. But there are better DNS books for the beginner, and it will not satisfy anyone looking for details of the forthcoming BIND 10.

Marks: 3 out of 5

***