DNS and Bind, 5th Edition
- ISBN: 0-596-10057-4
- Publisher: O'Reilly Media
- Publication Date: May 2006
- Pages: 650
- Price: £35.50
Summary: Excellent book, essential for the BIND administrator.
This is a truly remarkable book. It has been revised and improved over its 14-year history, resulting in a vast and authoritative yet readable account of DNS and especially BIND.
The good
The authors have chosen to remove most references to BIND 4 from this latest edition, concentrating instead on various versions of BIND 8 and 9.
The book covers all aspects of DNS and how to implement them in BIND, including DNS zones and subdomains, Dynamic DNS, zone transfers, mail records, DNSSEC and IPv6.
It has a large chapter on DNS security, describing DNSSEC, TSIG, split-horizon and prescribing various models for securing BIND.
I was very impressed with the chapter about DNS programming: an aspect of Unix that is imperfectly documented in the manual pages at best. Liu and Albitz's treatment of this topic is, as with the rest of the book, clear and exhaustive.
However, the twin highlights of the book were the chapters on maintaining and debugging BIND. The maintenance chapter sets out the seasoned expert's approach to looking after BIND, and the chapter about debugging describes the 13 most likely causes of BIND problems, from the authors' extensive knowledge of taming the beast.
The bad
I was uncomfortable with the book's overuse of the deprecated nslookup program for debugging. It does justify this by saying that it's widely available, but in my opinion this is a poor reason for using a substandard tool when better alternatives, such as host and dig are almost as widespread.
Also, I was disappointed that BIND was the only DNS server considered for Unix. Surely a chapter or two on djbdns would not have goneamiss.
The ugly
Read this book if you want to know in intimate detail just how buggy various versions of BIND (up to 9.3.2) are. Liu and Albitz document, in loving detail, the flaws in BIND. If you must use BIND, this book is essential. However, it has convinced me to avoid BIND in favour of djbdns wherever possible.
Score: 8 out of 10.
Andrew Stribblehill
