Index

A

• A/IPv4 Address / A/IPv4 Address
• administrative contact set, domain name
  • about / The administrative contact set
  • controlled domain, using / Use a domain you control
  • different domain, using / Use a different domain than the name in the record
  • exploder, using / Use an exploder
  • unique address, using / Use a unique address
  • canaries, using / Alternatively, use canaries
• aftermarket scams / Aftermarket scams
• Amazon Web Services (AWS) / External secondaries
• anatomy, domain name
  • about / Anatomy of a domain name
  • registry details / Registry details
  • registrar WHOIS server / Registrar WHOIS server
  • expiry date / Expiry date
  • registrant contact set / The registrant contact set
  • administrative contact set / The administrative contact set
  • tech contact set / The tech contact set
  • billing contact set / The billing contact set
  • DNS details / DNS details
  • status / Status
  • status flags, set by registry / Ok
  • status flags, set by Registrar / clientHold
• anycast
  • versus unicast / Anycast versus Unicast
  • debugging / Debugging under anycast
• anycast DNS / Anycast DNS, Anycast DNS and DDoS mitigation
• authoritative nameservers / Authoritative nameservers
• axfr-get command / Slaving from a Bind master
• axfrdns service / Slaving bind from a tinydns master

B

• BIND / BIND
• BIND-DLZ
  • about / BIND-DLZ
  • reference / BIND-DLZ
  • zones, adding to busy BIND 9 servers / Adding new zones to busy BIND 9 servers (in the olden days) 
• Bundy
  • reference / BIND

C

• caching resolvers / Caching resolvers
• Certificate Authority (CA) / Why domains are important, TLSA
• Certification Authority Authorization (CAA) / CAA
• CERT Resource Record / CERT
• Classless Inter-Domain Routing (CIDR) / Reverse DNS and netblock subdelegations
• classless reverse DNS
  • about / Classless reverse DNS
  • sub-/24 PTR records, creating / The proper way to do sub-/24 PTR records
  • RFC 2317 method / The RFC 2317 method
  • RFC 2317 modified / RFC2317 modified
• Classless Reverse Mapping / Classless reverse DNS
• CNAME/Alias / CNAME/Alias
• Combined Signing Key (CSK) / Key structure
• command-line-based tools
  • about / Command line-based tools
  • Whois / whois
  • Domain Information Groper (dig) / dig
  • named-checkzone / named-checkzone and named-checkconf
  • named-checkconf / named-checkzone and named-checkconf
  • dnstop / dnstop
• components, anycast DNS
  • Autonomous System Number (ASN) / Your own Autonomous System Number (ASN)
  • address space / Address space to announce
  • transit providers / Transit providers, Transit providers who will route you
  • aftermarket / The aftermarket
  • nameserver configurations / Nameserver configurations
• content-delivery network (CDN) / CNAME/Alias
• Country Code TLDs (ccTLDs) / Country Code TLDs (ccTLDs)
• cybercriminals hack
  • case study / Cybercriminals hack DNS provider to take over Brazilian bank
  • account ACLs / Account ACLs
  • multi-factor authentication / Multi-factor authentication
  • event notifications / Event notifications
  • transfer locks / Transfer locks
  • registry locks / Registry locks
• cybersquatting / What is "CyberSquatting"? 

D

• daemontools
  • reference / Installation from source
  • djbdns/tinydns, installing / daemontools
• DDoS attacks, mitigating
  • about / Anycast DNS and DDoS mitigation
  • with DNS operators / What DNS operators can do to mitigate attacks
  • target, separating / Separating the target
  • with Response-Rate Limiting (RRL) / Response-Rate Limiting (RRL)
  • with Dnsdist / Dnsdist – the Swiss Army knife of DNS middleware
  • kernel, filtering of queries / Kernel filtering of queries
  • with mitigation devices / Mitigation devices
  • with mitigation services / Mitigation services
  • mitigation services / DDoS mitigation services
  • solutions, for individual domain owners / What individual domain owners can do
  • multiple DNS solutions, using / Using multiple DNS solutions
  • solutions, for DNS providers / For DNS providers
• Delegation Name Record (DNAME) / DNAME
• delegation schemes / Numbering and delegation schemes
• Denial-of-Service (DoS) / An effective Registrar should...
• dispute mechanisms
  • about / Dispute mechanisms
  • Uniform Domain Name Dispute Resolution Policy (UDRP) / Uniform Domain Name Dispute Resolution Policy (UDRP)
  • Uniform Rapid Suspension System (URSS) / Uniform Rapid Suspension System (URSS)
• djbdns/tinydns
  • about / djbdns/tinydns, Things to know
  • no native support, for DNSSEC / No native support for DNSSEC
  • no responses, for non-authoritative domains / No responses for non-authoritative domains
  • no support for TCP, in main daemon / TCP not supported in main daemon
  • support for IPv6 / Supports IPv6, SRV, NATPR, etc, natively, out-of-box (mostly)
  • support for SRV / Supports IPv6, SRV, NATPR, etc, natively, out-of-box (mostly)
  • support for NATPR / Supports IPv6, SRV, NATPR, etc, natively, out-of-box (mostly)
  • zones, compiling in single datafile / All zones in a single datafile
  • time, handling / How time is handled
  • installation, from source / Installation from source
  • installing, with daemontools / daemontools
  • installing, with ucspi-tcp / ucspi-tcp
  • bind data, obtaining / Getting your bind data into tinydns
  • axfr method, using / axfr each zone
  • parser, using / Using a parser
  • reference / Using a parser
  • slaving, from Bind master / Slaving from a Bind master
  • bind, slaving from tinydns master / Slaving bind from a tinydns master
  • conclusion / tinydns wrap-up
• DNS, over TCP
  • advantages / When does DNS use TCP instead of UDP?
  • zone transfers / Zone transfers happen over TCP
  • EDNS / EDNS and large responses
  • large responses / EDNS and large responses
  • DNS query, anatomy / The anatomy of a DNS query – how nameserver selection actually works
• DNS-based Authentication of Named Entities (DANE) / TLSA
• dnscache / djbdns/tinydns
• DNS cache poisoning / Transaction ID
• DnsDist
  • about / Dnsdist – the Swiss Army knife of DNS middleware
  • reference / Dnsdist – the Swiss Army knife of DNS middleware
• DNS flags
  • QR (query response) / Transaction ID
  • AA (authoritative answer) / Transaction ID
  • TC (truncated content) / Transaction ID
  • RD (recursion desired) / Transaction ID
  • RA (recursion available) / Transaction ID
  • RCODE (response code) / Transaction ID
• DNS lookup
  • anatomy / Anatomy of a DNS lookup
  • DNS query, format / Format of a DNS query
• DNS lookups, securing
  • mechanisms / Securing DNS lookups
  • DNSCurve, using / DNSCurve
  • DNS over TLS / DNS over TLS
• dnsnotify / Slaving bind from a tinydns master
• DNS query
  • transaction ID / Transaction ID
  • number of questions / Number of questions
  • number of answers / Number of answers
  • number of authority records / Number of authority records
  • number of additional records / Number of additional records
  • query name / Query name
  • query type / Query type
  • query class / Query class
  • additional section responses / Additional section responses in queries
• DNSSEC-specific Resource Record / DNSSEC-specific RR Types
• DNSSEC Resource Record, types
  • RRSIG / RRSIG
  • DNSKEY / DNSKEY
  • DS (Delegation Signer) / DS (Delegation Signer)
  • key rollovers on DS, effects / Effect of key rollovers on the DS
  • DS records, getting into parent zone /  How do I get my DS records into the parent zone?
• DNS Security Extensions (DNSSEC)
  • about / DNS Security Extensions (DNSSEC)
  • functionality / What DNSSEC does
  • advantages / Is DNSSEC really a magic bullet for DNS security?
  • drawbacks / Drawbacks of using DNSSEC
  • usage / When to use DNSSEC
  • zones, signing / Signing your zones
  • deployment, preparing / Preparing a DNSSEC deployment
  • operational ramifications / Operational ramifications of DNSSEC
  • zone updates / Zone updates
  • multiple providers, using / Using multiple providers with DNSSEC
  • Resource Record, types / DNSSEC Resource Record Types
  • DS keys, managing after initial setup / Maintaining DS keys after initial setup (CDS/CDNSKEY)
  • NSEC/NSEC3 / NSEC/NSEC3
  • implementing, on nameservers / Implementing DNSSEC on your nameservers
  • PowerDNS / PowerDNS
  • BIND / BIND
  • NSD / NSD
  • Tinydns / Tinydns
• DNS Security Extensions (DNSSEC), deployment
  • preparing / Preparing a DNSSEC deployment
  • key structure / Key structure
  • key rollover policy / Key rollover policy
  • trust chains / Trust chains
  • internet root, authentication / How is the internet root authenticated?
• DNS stuff
  • about / DNS stuff
  • reference / DNS stuff
• dnstop / dnstop
• dnsviz
  • about / dnsviz
  • reference / dnsviz
• Domain-based Message Authentication Reporting and Conformance (DMARC)
  • about / DMARC
  • implementing / DMARC
• Domain Information Groper (dig)
  • about / dig
  • responses / Understanding dig responses
  • HEADER section / The HEADER section
  • ANSWER section / The ANSWER section
  • AUTHORITY section / The AUTHORITY section
  • ADDITIONAL section / The ADDITIONAL section
  • using / Using dig
  • DNSSEC / DNSSEC
  • reverse lookups / Reverse lookups
  • delegation chains / Delegation chains
  • host / host
• DomainKeys Identified Mail (DKIM)
  • about / Implementing SPF, DKIM, and DMARC
  • implementing / DKIM
• Domain Keys Identified Mail (DKIM) / Email phishing (spearphishing)
• Domain Message Authenticating Reporting and Conformance (DMARC) / Email phishing (spearphishing)
• domain name
  • about / Domain names 101
  • anatomy / Anatomy of a domain name
  • expiry cycle / Understanding the domain name expiry cycle
• Domain Name System (DNS) / Domain names 101
• domain policies
  • about / Domain policies you must be aware of
  • Whois Accuracy Program (WAP) / The Whois Accuracy Program (WAP)
  • bad Whois reports / Incorrect or bad Whois reports
  • domain slamming / Domain slamming
  • phishing / Phishing
  • unintentional expiry / Unintentional expiry
  • search engine / Search engine/trademark registrations
  • trademark registrations / Search engine/trademark registrations
  • domain scams / Domain scams
  • DNS failures / DNS failures
• domains
  • need for / Why domains are important
  • importance / Why domains are important
  • selecting, to register organization / Which domains should your organization register?
  • trademarks, asserting within TLD landscape / Asserting Your trademarks within the new TLD landscape
• domain scams
  • about / Domain scams
  • Foreign Infringer scam / The Foreign Infringer scam
  • aftermarket scams / Aftermarket scams
  • buy-side scam / Buy-side scam
  • sell-side scams / Sell-side scams
• domain security
  • from unauthorized manipulation / Protecting your domains from unauthorized manipulation
  • cybercriminals hack / Cybercriminals hack DNS provider to take over Brazilian bank
  • DNS Security Extensions (DNSSEC) / DNS Security Extensions (DNSSEC)
  • key rollover / Key rollovers
  • DNS lookups, securing / Securing DNS lookups
• domain slamming / Domain slamming
• domaintools
  • reference / domaintools
  • about / domaintools
• domain transfer
  • about / Transferring domain names
  • registrant, modifying / Change of registrant
  • nameserver delegation, modifying / Nameserver redelegations
  • DNSSEC-signed domains, redelegating / Redelegating DNSSEC-signed domains
  • registrar, transferring without nameserver modification / Registrar transfer (without changing nameservers)
  • registrar, transferring / Registrar transfer and nameserver redelegation
  • nameserver redelegation / Registrar transfer and nameserver redelegation
  • additional nameservers, adding / Adding additional nameservers
  • zone data, syncing across secondaries / Syncing zone data across secondaries
  • migrations, planning with DNS updates / Planning migrations with DNS updates
  • new nameservers, transferring to / Moving to new nameservers
• DYN (Dynamic DNS records) / DYN (Dynamic DNS records)
• Dynamically-Loaded Zones (DLZ) / BIND-DLZ
• dynamic DNS
  • about / DNS failover, Dynamic DNS
  • target resource, monitoring / The target resource must be monitored
  • health, monitoring / Its health must be measured and evaluated
  • standby resource, using / The standby resource must be ready
  • reversion strategy, planning / There must be a reversion strategy
  • standards-based dynamic DNS (RFC 2136) / Standards-based dynamic DNS (RFC 2136)
  • via web requests / Dynamic DNS via web requests

E

• easyRoute53
  • reference / External secondaries
  • about / External secondaries
• easywhois
  • reference / easywhois
  • about / easywhois
• email forwarders
  • about / Email forwarders
  • generic email, forwarding / Generic email forwarding
  • separating, from backup spooling via MX records / Separating forwarders from backup spooling via MX records
  • large volume of email, handling / How to handle a large volume of email – where to cluster?
• expiry cycle, domain name
  • about / Understanding the domain name expiry cycle
  • domain expires / Domain expires (day 0)
  • domain, parking / Domain gets parked (days 3 to 5-ish)
  • registrant grace period (RGP) / RGP – Registrant Grace Period (up to 45 days)
  • redemption period / Redemption period (day 45-ish)
  • PendingDelete / PendingDelete – day 90 (5 days)
  • expiry, avoiding / Never do this
  • key domain, loosing / What to do if you lose a key domain
• Extended Provisioning Process (EPP) / Redemption period (day 45-ish)

F

• fields, Start of Authority (SOA)
  • MNAME (Originating Nameserver) / MNAME (Originating Nameserver)
  • RNAME (Point of Contact) / RNAME (Point of Contact)
  • serial number / Serial
  • refresh interval / The Refresh interval
  • retry interval / The Retry interval
  • expire interval / The Expire interval
  • minimum / Minimum
• format, Resource Record (RR)
  • DNS zone, constructing / Constructing a zone
  • zone, constructing / Constructing a zone
  • Start of Authority (SOA) / Start of Authority (SOA)
  • nameserver (NS) / Nameserver (NS)
  • A/IPv4 Address / A/IPv4 Address
  • CNAME/Alias / CNAME/Alias
  • Aliases, versus Hostnames / When to use Aliases vs Hostnames
  • Hostnames, versus Aliases / When to use Aliases vs Hostnames
  • TXT/Text Record / TXT/Text Records
  • SRV records / SRV
  • Naming Authority Pointer / NAPTR
  • Delegation Name Record (DNAME) / DNAME
  • PTR record / PTR
  • IPv6 / IPv6
  • CERT Resource Record / CERT
  • TLSA Resource Record / TLSA
  • Certification Authority Authorization (CAA) / CAA
  • DNSSEC-specific / DNSSEC-specific RR Types
• full resolvers / Full resolvers

G

• generic email
  • forwarding / Generic email forwarding
• generic TLDs (gTLDs) / Status, Generic TLDs
• Geo DNS
  • about / Geo DNS
  • edns-client-subnet / Edns-client-subnet
  • native support / Native support for Geo DNS
  • PowerDNS backend / PowerDNS and GeoIP backend
  • GeoIP backend / PowerDNS and GeoIP backend
  • BIND / BIND and Geo IP
  • Geo IP / BIND and Geo IP
  • GeoIP fork, for djbdns / BIND and Geo IP
  • centric nameservers / GeoDNS-centric nameservers
  • anycast method / Anycast method
  • custom PowerDNS backend method / Custom PowerDNS backend method
• geoDNS server / Adding custom backends to PowerDNS
• GeoIP backend
  • reference / PowerDNS and GeoIP backend
• GitZone
  • reference / Syncing zone data across secondaries
  • about / Syncing zone data across secondaries
• Global DNS Propagation Checker
  • Anycast deployed DNS / whatismydns
  • GeoDNS / whatismydns

H

• hidden primary
  • about / Hidden primaries
  • considerations / Hidden primary considerations

I

• IANA taxonomy
  • URL / Registries and Registrars
• IDN Conversion Tool
  • URL / Online tools for converting punycode
• IDN TLDs
  • about / IDN TLDs
  • online tools, used for converting punycode / Online tools for converting punycode
• Incremental Zone Transfer (IXFR) / Secondary nameservers
• Infrastructure TLDs / Infrastructure TLDs
• Intellectual Property (IP) / Uniform Domain Name Dispute Resolution Policy (UDRP)
• Internet Protocol (IP) address / Domain names 101
• IP space / IP space
• IPv6
  • about / IPv6
  • AAAA / AAAA
  • A6 / A6
  • adding, to DNS zone / Adding IPv6 to your zones
  • Reverse DNS, using / Reverse DNS for IPv6
  • queries / Queries for IPv6
  • operational considerations / Operational considerations
• IPv6-enabled nameservers / IPv6-enabled nameservers

K

• kerberos
  • using / Securing zone transfers with TSIG
• key rollover
  • about / Key rollovers
  • reference / Key rollovers
  • double-signing method / Double-signing method
  • prepublish method / Prepublish method
  • key-rolling utilities / Key-rolling utilities
  • resources / Key-rolling utilities
• Knot DNS
  • about / Knot DNS
  • reference / Installation
  • installation / Installation
  • configuration / Configuration
  • knotc / knotc – the Knot DNS controller
  • zones, slaving / Slaving zones
  • DNSSEC support / DNSSEC support

L

• landrush phase / Landrush
• Letters of Authority (LOAs) / Transit providers who will route you
• load-balancing/global weighted load-balancing / Load-balancing/global weighted load-balancing

M

• Mail Exchanger (MX) record
  • about / The Mail Exchanger (MX) record
  • preference / Preferences, Priorities, and Delivery Order
  • priorities / Preferences, Priorities, and Delivery Order
  • delivery order / Preferences, Priorities, and Delivery Order
  • backup MX handler, considerations / Backup MX handler considerations
  • special case / Special case MX records
  • domains, managing / Managing many MX domains
• mail transport agents (MTAs) / The Mail Exchanger (MX) record, Generic email forwarding
• methods, for formatting serial number
  • Unix timestamp / Unix timestamp
  • raw count / Raw count
  • DNS zone, updating / When the format of the Serial actually matters
• mitigation services
  • about / Mitigation services
  • colocated gear / Colocated gear
  • via BGP / Via BGP
  • via glue records / Via glue records
  • reverse proxy / Reverse proxy
  • GRE Tunnels / GRE Tunnels
• multiple CNAME RRSet
  • about / POOL records (multiple CNAME RRSet)
  • restrictions / Why can't you have a CNAME with other data?
• multiple DNS solutions
  • using / Using multiple DNS solutions
  • data, maintaining in sync across deployments / Keeping your data in sync across those deployments
  • nameserver delegation health, monitoring / Monitoring the health of your nameserver delegation
  • open source monitoring tools, using / Monitoring the health of your nameserver delegation
  • monitoring services, using / The ability to change delegations when required
  • delegations, modifying / The ability to change delegations when required
• MyEtherWallet cryptocurrency
  • reference / Transaction ID

N

• nagios / The target resource must be monitored
• named-checkconf / named-checkzone and named-checkconf
• named-checkzone / named-checkzone and named-checkconf
• nameserver (NS) / Nameserver (NS)
• name server daemon (NSD)
  • about / NSD, Things to know
  • no native support, for RFC 2136 dynamic DNS / No native support for RFC 2136 dynamic DNS
  • slave notification / Notifies to slaves
  • installing / Installation and setup
  • setting up / Installation and setup
  • features / nsd wrap-up
• nameserver glue records / Nameserver records
• nameserver heterogeneity
  • versus nameserver homogeneity / Heterogeneity vs homogeneity in nameserver deployments
  • about / Heterogeneity vs homogeneity in nameserver deployments
• nameservers, for domain transfer
  • adding, additionally / Adding additional nameservers
  • external secondaries / External secondaries
  • external masters / External masters
  • considerations / Other considerations
  • secondary DNS arrangements, structuring / Structuring secondary DNS arrangements
  • zone transfers with TSIG, securing / Securing zone transfers with TSIG
• Naming Authority Pointer / NAPTR
• National Arbitration Forum (NAF) / Uniform Domain Name Dispute Resolution Policy (UDRP)
• negative caches / Negative caches
• netblock subdelegations / Reverse DNS and netblock subdelegations
• new nameservers, for domain transfer
  • transferring to / Moving to new nameservers
  • single zones, moving / Moving single zones
  • slave, obtaining from current master / Have the new nameservers slave from the current master
  • new master, setting up / Setting up a new master to serve the new nameservers
  • entire portfolios of domains, transferring / Moving entire portfolios of domains
• Non-Delivery Notifcation (NDN) / Special case MX records
• numbering schemes / Numbering and delegation schemes

O

• operational considerations, IPv6
  • transport-independent / Transport-independent
  • IPv4/IPv6 fragmentation, avoiding / Avoiding IPv4/IPv6 fragmentation
  • TTL, considerations / TTL considerations
  • resolver, considerations / Resolver considerations

P

• phishing
  • about / Phishing
  • email phishing / Email phishing (spearphishing)
  • web phishing / Web phishing
• POOL records / POOL records (multiple CNAME RRSet)
• PowerDNS
  • about / PowerDNS
  • ANY qtype / Things to know
  • supermaster / The Supermaster (auto-adding new zones to secondaries)
  • installation / Installation
  • Lua, integration / Lua integration
  • configuring / Configuring powerdns
  • BIND-style zone data, converting / Converting BIND-style zone data into powerdns
  • slaving, from BIND masters / Slaving PowerDNS from BIND masters
  • using, to BIND secondaries / Using a PowerDNS master to BIND secondaries
  • custom backends, adding / Adding custom backends to PowerDNS
  • reference / Adding custom backends to PowerDNS, front-signing
  • wrapping up / PowerDNS wrap-up
  • support for DNSSEC / PowerDNS
  • pre-signed / pre-signed
  • front-signing / front-signing
• primary nameserver
  • about / Primary Nameserver
  • hidden primary / Hidden primaries
• PTR record / PTR

Q

• QTYPES
  • ANY / Query type
  • AXFR / Query type
  • IXFR / Query type
  • OPT / Query type

R

• Real-Time Blackhole Lists (RBLs) / Why domains are important
• Regional Internet Registry (RIR) / Reverse DNS and netblock subdelegations, Your own Autonomous System Number (ASN)
• RegisterFly / RegisterFly – The Lehman Brothers' moment of the domain industry
• Registrar Accreditation Agreement (RAA) / The Whois Accuracy Program (WAP)
• Registrars
  • about / Registries and Registrars, Registrars and Resellers
  • features / An effective Registrar should...
• registrar transfer, for domain transfer
  • about / Registrar transfer (without changing nameservers)
  • with or without corresponding nameserver change / IMPORTANT – make sure your new registrar knows what to do with the nameservers
  • WAP, triggering / Beware! Transfers may trigger the WAP!
  • steps / Steps of a registrar transfer
• Registration Data Access Protocol (RDAP) / Registration Data Access Protocol (RDAP)
• Registries
  • about / Registries and Registrars
  • Generic TLDs / Generic TLDs
  • Country Code TLDs (ccTLDs) / Country Code TLDs (ccTLDs)
  • Top-Level Domains / New Top-Level Domains
  • IDN TLDs / IDN TLDs
  • Infrastructure TLDs / Infrastructure TLDs
• Request For Enforcement (RFE) / Transfer Dispute Resolution Procedure (TDRP)
• resolvers
  • about / Introducing resolvers, Resolvers
  • comparing / Differences between stub resolvers, caching resolvers, and full resolvers
  • negative caches / Negative caches
• Resource Record (RR)
  • about / Domain names 101, Introducing resolvers, Full resolvers, Query type
  • format / Format of an RR
• response policy zones (RPZs) / Why domains are important
• response rate limiting (RRL) / EDNS and large responses, Response-Rate Limiting (RRL)
• reverse DNS
  • about / Reverse DNS and netblock subdelegations
  • classless reverse DNS / Classless reverse DNS
  • using, for IPv6 / Reverse DNS for IPv6
• right-hand side (RHS) / Start of Authority (SOA), The Zone Apex Alias (ANAME)
• rollout phase, TLD
  • sunrise phase / Sunrise
  • landrush phase / Landrush
  • premium auction / Premium auction
• round-trip times (RTTs) / The anatomy of a DNS query – how nameserver selection actually works
• Round Robin DNS / Round Robin DNS

S

• secondary nameservers / Secondary nameservers
• Secure Entry Point (SEP) / DNSKEY
• Sender Policy Framework (SPF)
  • about / Email phishing (spearphishing), TXT/Text Records
  • implementing / Implementing SPF, DKIM, and DMARC, SPF
  • reference / SPF, Overcomplicated SPF records can lead to bounces
  • email-forwarding / SPF breaks email-forwarding
  • bounces of overcomplicated records / Overcomplicated SPF records can lead to bounces
• Sender Rewriting Schemes (SRS) / SPF breaks email-forwarding
• sensu / The target resource must be monitored
• Single-Point-Of-Failure (SPOF) / Adding additional nameservers
• SRV records / SRV
• Start of Authority (SOA)
  • about / Negative caches, Start of Authority (SOA)
  • fields / Start of Authority (SOA)
• status flags, set by Registrar
  • clientHold / clientHold
  • clientDeleteProhibited / clientDeleteProhibited
  • clientTransferProhibited / clientTransferProhibited
  • clientUpdateProhibited / clientUpdateProhibited
  • clientRenewProhibited / clientRenewProhibited
• status flags, set by registry
  • Ok / Ok
  • inactive / inactive
  • autoRenewPeriod / autoRenewPeriod
  • pendingTransfer / pendingTransfer
  • redemptionPeriod / redemptionPeriod
  • pendingDelete / pendingDelete
• stub resolvers / Stub resolvers

T

• time to live (TTL)
  • about / Full resolvers, Minimum
  • setting to 0 / Can't You Just Set Your $TTL To 0?
• TLSA Resource Record / TLSA
• top-level domain (TLD)
  • about / Anatomy of a domain name, Registries and Registrars, New Top-Level Domains
  • URL / New Top-Level Domains
  • rollout phase / Rollout phases of a new TLD
• top-level domain nameservers (TLD)
  • about / Top-level domain nameservers
  • order / Nameserver order
  • . nameservers, fetching by resolver / How does a resolver know where the "." nameservers are?
  • DNS lookup, anatomy / Anatomy of a DNS lookup
• Trademark Clearing House
  • about / The Trademark Clearing House
  • typo domains / Typo domains
  • cybersquatting / What is "CyberSquatting"? 
  • dispute mechanisms / Dispute mechanisms
• Transaction Signatures (TSIG) / Securing zone transfers with TSIG
• Transfer Dispute Resolution Procedure (TDRP) / Transfer Dispute Resolution Procedure (TDRP)
• Transport Layer Security (TLS) / Web phishing
• TXT/Text Record
  • SPF records / SPF records
• typo domains / Typo domains

U

• ucspi-tcp
  • reference / Installation from source
  • djbdns/tinydns, installing / ucspi-tcp
• unicast
  • versus anycast / Anycast versus Unicast
  • architectures / Unicast architectures
• Uniform Domain Name Dispute Resolution Policy (UDRP)
  • about / Uniform Domain Name Dispute Resolution Policy (UDRP)
  • working / How the UDRP works
  • initiating, against domain / What happens when somebody initiates a UDRP against your domain?
• Uniform Rapid Suspension System (URSS) / Uniform Rapid Suspension System (URSS)
• URL forwarder / URL Forwards and Redirects
• URL redirects / URL Forwards and Redirects

V

• vanity nameservers / The Supermaster (auto-adding new zones to secondaries)
  • about / Vanity nameservers
  • TLD redundancy / TLD redundancy

W

• web-based debugging tools
  • about / Web-based debugging tools
  • DNS stuff / DNS stuff
  • whatismydns / whatismydns
  • dnsviz / dnsviz
  • easywhois / easywhois
  • domaintools / domaintools
• web phishing / Web phishing
• whatismydns
  • about / whatismydns
  • reference / whatismydns
• Whois
  • about / What is Whois?, whois
  • thin Whois, versus thick Whois / Thin versus thick Whois
  • privacy / Whois privacy
  • RegisterFly / RegisterFly – The Lehman Brothers' moment of the domain industry
  • privacy, determining / How to tell whether Whois privacy is enabled
  • privacy, using / Why you should always use Whois privacy
  • privacy, avoiding / Why you should never use Whois privacy
  • Europe's GDPR, effect / Europe's GDPR and its effect on Whois
  • Registration Data Access Protocol (RDAP) / Registration Data Access Protocol (RDAP)
  • correct domain, inspecting / Are we looking at the correct domain?
  • domain expiry, checking at registry / Has the domain expired at the registry?
  • Registry/Registrar status, of domain / What is the Registry/Registrar status of the domain?
  • domain, using expected nameservers / Is the domain using the expected nameservers?
  • DNSSEC-signed, verifying / Is it DNSSEC-signed?
  • record, checking for new TLD / How to look at a Whois record for a new TLD
• Whois Accuracy Program (WAP) / The Whois Accuracy Program (WAP), What is the Registry/Registrar status of the domain?
• Whois Data Reminder Policy (WDRP) / The Whois Accuracy Program (WAP)
• Whois Inaccuracy Process / Incorrect or bad Whois reports
• Wildcard/NXDOMAIN server / Adding custom backends to PowerDNS
• wireshark / Separating the target
• World Intellectual Property Rights Organization (WIPO) / Uniform Domain Name Dispute Resolution Policy (UDRP)

Z

• zone2sql utility / Converting BIND-style zone data into powerdns
• Zone Apex Alias (ANAME)
  • about / The Zone Apex Alias (ANAME), Zone apex aliasing
  • updates / Updates
  • multiple A records (RRSets) / Multiple A records (RRSets)
  • CNAME chains / CNAME chains
• zone poisoning / Standards-based dynamic DNS (RFC 2136)