intro ###### 基础 ---- +-----------------------------------+-----------------------------------+ | 资料 | 说明 | +===================================+===================================+ | `DNS, Domain Name | 爆全的 | | System `__ | | +-----------------------------------+-----------------------------------+ | `SWITCHlan Services: DNS | DNS RFC 索引，也很全 | | Referen | | | ces `__ | | +-----------------------------------+-----------------------------------+ | `Domain Name Service | 很清晰的DNS基础介绍 | | DNS `__ | | +-----------------------------------+-----------------------------------+ | `Understanding the DNS | DNS协议介绍 | | Prot | | | ocol `__ | | +-----------------------------------+-----------------------------------+ | `DNS包细节 `__ | | +-----------------------------------+-----------------------------------+ | `What’s in a | 名址问题分析 | | Name? `__ | | +-----------------------------------+-----------------------------------+ 工具 ---- +-----------------------------------+-----------------------------------+ | 工具 | 简介 | +===================================+===================================+ | `Public DNS Server | 公用递归列表 | | L | | | ist `__ | | +-----------------------------------+-----------------------------------+ | `new gtld | new gtld 的统计信息 | | stat `__ | | +-----------------------------------+-----------------------------------+ | `ultradnstools | ultradns提供的一系列DNS检测工具 | | `__ | | +-----------------------------------+-----------------------------------+ | `DNS Looking | 可指定节点查询给定域 | | Glass `__ | 名的RR，支持正向、反向解析，以WEB | | | API形式提供服务，也是statdns的 | +-----------------------------------+-----------------------------------+ | ` | 探测工具 | | viewdns `__ | | +-----------------------------------+-----------------------------------+ | `DiG | 解析工具 | | HOWTO `__ | | +-----------------------------------+-----------------------------------+ | `WhoisMind `__ | | +-----------------------------------+-----------------------------------+ | `Int | 检查权威DNS配置 | | oDNS `__ | | +-----------------------------------+-----------------------------------+ | `dns-tools `__ | | +-----------------------------------+-----------------------------------+ | `Co | dns 软件对比 | | mparison_of_DNS_server_software < | | | http://en.wikipedia.org/wiki/Comp | | | arison_of_DNS_server_software>`__ | | +-----------------------------------+-----------------------------------+ | `just dns | 从全球各地探测指定域名 | | lookup `__ | | +-----------------------------------+-----------------------------------+ | `massi | 探测 | | vedns `__ | | +-----------------------------------+-----------------------------------+ | `dnstcpbench `__ | | +-----------------------------------+-----------------------------------+ | `dns-tools `__ | | +-----------------------------------+-----------------------------------+ | `chinaz站长dns工具 | 从国内各地探测指定域 | | `__ | 名，也可指定dns，还可以traceroute | +-----------------------------------+-----------------------------------+ | `networkt | 老外的站长工具 | | ools `__ | | +-----------------------------------+-----------------------------------+ | `ccnso icann tld | | | monitor `__ | | +-----------------------------------+-----------------------------------+ | `TLD | | | MONITOR < | | | https://tldmonitor.blipp.com/>`__ | | +-----------------------------------+-----------------------------------+ | `DNS-OARC TLD | | | Monitoring `__ | | +-----------------------------------+-----------------------------------+ | `RIPE Atlas DNS | | | Monitoring < | | | https://atlas.ripe.net/dnsmon>`__ | | +-----------------------------------+-----------------------------------+ | `Thousand | | | Eyes < | | | https://www.thousandeyes.com/>`__ | | +-----------------------------------+-----------------------------------+ | `DNSviz `__ | | +-----------------------------------+-----------------------------------+ | `DNSSEC Early | | | war | | | ning `__ | | +-----------------------------------+-----------------------------------+ | `DNSSEC Deployment | | | Report `__ | | +-----------------------------------+-----------------------------------+ | `Zonalizer `__ | | +-----------------------------------+-----------------------------------+ | `Zonalizer | | | history `__ | | +-----------------------------------+-----------------------------------+ | `CIRA DNS | | | Che | | | cker `__ | | +-----------------------------------+-----------------------------------+ | `DNS Configuration: | | | ROBTEX | | | `__ | | +-----------------------------------+-----------------------------------+ | `EDNSO Compliance | | | Test | | | er `__ | | +-----------------------------------+-----------------------------------+ | `DDoS Mon | | | a | | | lerting `__ | | +-----------------------------------+-----------------------------------+ | ` | | | DNSDB `__ | | +-----------------------------------+-----------------------------------+ | `Shadowserver Compromised | | | Websites | | | `__ | | +-----------------------------------+-----------------------------------+ | `OpenPhish | | | Premium `__ | | +-----------------------------------+-----------------------------------+ | `VirusTotal | | | `__ | | +-----------------------------------+-----------------------------------+ | `Secure Domain | | | Foundation | | | `__ | | | , | | | `API `__ | | +-----------------------------------+-----------------------------------+ | ` | | | DNSDB `__ | | +-----------------------------------+-----------------------------------+ | `PassiveTotal < | | | https://www.passivetotal.com/>`__ | | +-----------------------------------+-----------------------------------+ 数据 ---- +-----------------------------------+-----------------------------------+ | 数据 | 简介 | +===================================+===================================+ | `st | 每月发布全球com/n | | atdns `__ | et/org等域名的统计，上面还有dns相 | | | 关工具的整理、RFC的列表，非常不错 | +-----------------------------------+-----------------------------------+ | `iana 的root zone | 根域登记 | | 数据 `__ | | +-----------------------------------+-----------------------------------+ | `open resolver | open resolver asn 统计 | | surveys | | | `__ | | +-----------------------------------+-----------------------------------+ | `openresolverproject.org `__ | | +-----------------------------------+-----------------------------------+ | `root-servers `__ | | +-----------------------------------+-----------------------------------+ | `j.root-servers `__ | | +-----------------------------------+-----------------------------------+ 节点 ---- - NS记录 - IP库 - 前端LocalDNS - 后端LocalDNS - 前后端LocalDNS重合度 - 跨运营商 - 同运营商跨地区 - 用户到运营商 - 运营商到权威 - 权威安全 ---- +-----------------------------------+-----------------------------------+ | 资料 | 说明 | +===================================+===================================+ | `Attacking the DNS | DNS攻击 | | Protocol `__ | | +-----------------------------------+-----------------------------------+ | `An analysis of the DNS cache | DNS缓存中毒分析 | | poisoning | | | attack `__ | | +-----------------------------------+-----------------------------------+ | `BIND 9 DNS Cache | Bind9 缓存中毒资料 | | Poisoning `__ | | +-----------------------------------+-----------------------------------+ | `BIND 8 DNS Cache | Bind8 缓存中毒资料 | | Poisoning `__ | | +-----------------------------------+-----------------------------------+ | `关 | DNSCurve笔记，关于加密DNS解析请求 | | 于DNSCURVE `__ | | +-----------------------------------+-----------------------------------+ | `What DNS Is | 讨论了些dns nxdomain/cdn | | Not `__ | | +-----------------------------------+-----------------------------------+ 厂商 ---- ======================================== ======================= 厂商简介 ======================================== ======================= `icann `__ 政策 `iana `__ DNS相关事件 `dns-oarc `__ DNS相关技术、漏洞及报告 `caida `__ 数据分析 `Nominum `__ 牛X厂商，权威、递归都有 ======================================== ======================= 书 -- +-----------------------+-----------+-----------------------------------+ | 时间 | 书 | 读后感 | +=======================+===========+===================================+ | 2011 | Pro DNS | 较详 | | | and BIND | 细的协议介绍，以及问题讨论，很全 | +-----------------------+-----------+-----------------------------------+ | 2008 | 构 | 第9章中讨论负载均衡的段落 | | | 建可扩展 | ，涉及TTL影响及GSLB的不足，很不错 | | | 的Web站点 | | +-----------------------+-----------+-----------------------------------+ | 2006 | DNS and | 必读 | | | Bind | | +-----------------------+-----------+-----------------------------------+ | 2006 | DNS in | 讲实际配置，简单明白，适合一读 | | | Action | | +-----------------------+-----------+-----------------------------------+ | 2002 | DNS and | 问题 | | | BIND | 手册型的书，实际操作比较好找答案 | | | Cookbook | | +-----------------------+-----------+-----------------------------------+ | 2000 | The | 问题手册型的书，快速翻阅之 | | | Concise | | | | Guide to | | | | DNS and | | | | BIND | | +-----------------------+-----------+-----------------------------------+ RFC --- +-----------------------------+---------------------------------------+ | RFC编号 | 简介 | +=============================+=======================================+ | RFC8499 | DNS术语集合，跟查字典差不多 | +-----------------------------+---------------------------------------+ | RFC5966 | 用TCP做DNS查询的相关事项，过一遍 | +-----------------------------+---------------------------------------+ | RFC5358 | DN | | | S反射攻击的预防，比较口水话，随便看看 | +-----------------------------+---------------------------------------+ | RFC4592 | 泛域名，感觉不错，值得一读 | +-----------------------------+---------------------------------------+ | RFC4033 / RFC4034 / RFC4035 | 讲DNSSEC，这几份读的很烦躁 | +-----------------------------+---------------------------------------+ | RFC3833 | 威胁分析，关键资料 | +-----------------------------+---------------------------------------+ | RFC3596 / RFC3152 / RFC1886 | DNS的IPv6支持，AAAA方案 | +-----------------------------+---------------------------------------+ | RFC3364 | DNS的IPv6支 | | | 持讨论，AAAA和A6的优缺点PK，看看不错 | +-----------------------------+---------------------------------------+ | RFC2308 | 否定缓存，写的挺好，值得一读 | +-----------------------------+---------------------------------------+ | RFC2181 | DNS介绍，基础必看 | +-----------------------------+---------------------------------------+ | RFC2136 | 动态更新支持，UPDATE | +-----------------------------+---------------------------------------+ | RFC1996 | 域更新的通知机制NOTIFY | +-----------------------------+---------------------------------------+ | RFC1995 | 域配置的增量更新IXFR | +-----------------------------+---------------------------------------+ | RFC1101 | 域名规范，大概看下 | +-----------------------------+---------------------------------------+ | RFC1034 / RFC1035 | DNS介绍，基础必看 | +-----------------------------+---------------------------------------+