In this video, Chaim Krause provides a list of the services that are used in the examples. Explore why security should always be a top concern, and why you should set up a DNS sandbox for testing before you deploy.
- [Instructor] Before we get started with the demo, I'd like to take some time to mention something very important. Demonstrations throughout the rest of this course are using fictitious examples in a sandbox. This is not something you want to try on your network without going through some testing process beforehand. It's not a decision to be made lightly. Maybe after going through this course, you decide that there's too much work to administer your own name server.
Maybe you're a small company and you don't have the personnel to do so. Get buy-in from all the stakeholders. You're going to be interacting with maybe the finance department in determining whether it's cost effective to purchase hardware, or go with outsourcing. You'd talk to your security team. Make sure that all the policies that you put in place for your domain server fit in with the rest of the security policies for your network. And remember, every policy has a trade-off.
Every time you add some functionality, you're adding vulnerability of some sort. Sometimes it's a small one, sometimes it's a larger one. But it's always a trade-off. I wanted to provide you with some real world examples, so I picked some providers to use in my demonstration. I want you to know that these are not endorsements. Organizations should research their options into what services they may or may not want to use. And always keep in mind, sometimes it's best to run it in house and other times it's best to outsource.
If you want to follow along with my building of my laboratory here, you're going to need to have a couple of things. First off, you need a registered domain name. If you don't have one for practice purposes, there are places where you get free domain names on the internet. Think about getting one of those for your test laboratory. You'll also need a web hosting provider. There's probably literally millions of them out there. Email hosting providers: you're going to want to choose one that allows you to set your domain and choose your routings.
I also demonstrate using a secondary DNS provider. There are several of them out there. You don't always want to run a slave server on your premises. We will be talking about geo redundancy. You may not have the physical facilities to put your secondary servers around the world, but there are plenty of secondary DNS providers that can do this for you. One other thing you'll need is shell access on an external computer. What I mean by that is, you're going to want to test things as if you were an outsider.
You're going to want to query your name server outside of your own network. Three things to keep in mind while you're building your laboratory, and then moving on to real world implementation. First one is security. I've brought it up before. It's very important. You need to do a risk analysis. It's not as easy as just putting up a web page, finding you've got a typo, and making a change. You could put your entire network at risk.
Second, I think you should think about security. Discuss your options in detail with your security team. You can have a huge impact on your entire network. Make sure you discuss your options with other key stakeholders in your company. Network security can bring down an entire company. But you still want to provide services and make them easily accessible. And last, security. Do more research. Maybe you have somebody that's a security guru.
Maybe you don't. Maybe you're a small Mom and Pop shop and you just want to get your services up on the web. There's plenty of locations where you can get more training on this topic. Remember that no matter the size of your organization, big or small, you need to check with the other key stakeholders.
- Working with different types of name servers
- Working with zone files
- Setting up a basic name server
- Creating, verifying, loading, and testing the zone file
- Allowing queries from localnets
- Configuring an advanced name server
- Serving a website or email
- Adding security