# official Top Level Domains

## DNS with TLD

Lesestoff zu Best practises

- bind9
- Load Balancing A-Records: [https://bind9.readthedocs.io/en/v9\_16\_6/configuration.html#load-balancing](https://bind9.readthedocs.io/en/v9_16_6/configuration.html#load-balancing)
- Geo IP: [https://kb.isc.org/docs/aa-01149](https://kb.isc.org/docs/aa-01149)
- [https://geoip.site/](https://geoip.site/)


- highly-available-bind-dns-cluster-design-million-users : [https://www.root101.net/highly-available-bind-dns-cluster-design-million-users/](https://www.root101.net/highly-available-bind-dns-cluster-design-million-users/)
- BCP16 document : [https://www.rfc-editor.org/bcp/bcp16.txt](https://www.rfc-editor.org/bcp/bcp16.txt)
- Secure and HA DNS Infrastructure:[ https://insights.sei.cmu.edu/blog/six-best-practices-for-securing-a-robust-domain-name-system-dns-infrastructure/](https://insights.sei.cmu.edu/blog/six-best-practices-for-securing-a-robust-domain-name-system-dns-infrastructure/)
- DNS Erklärung und Security Empfehlungen: [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf)
- Absatz 7.2.7 -&gt; hidden primary DNS server

- Serverfault 01 : [https://serverfault.com/questions/17255/top-level-domain-domain-suffix-for-private-network](https://serverfault.com/questions/17255/top-level-domain-domain-suffix-for-private-network)
- DNS Konzept with Subzones: [https://serverfault.com/a/17730](https://serverfault.com/a/17730)
- Verweis auf AWS und GCP : [https://serverfault.com/a/1041148](https://serverfault.com/a/1041148)

- ANSSI’s recommendations : [https://news.gandi.net/en/2021/06/dns-server-management-how-gandi-helps-businesses-follow-anssis-recommendations/](https://news.gandi.net/en/2021/06/dns-server-management-how-gandi-helps-businesses-follow-anssis-recommendations/)
- NS1:
- dns-failover-basic-concepts-and-limitations [https://ns1.com/resources/dns-failover-basic-concepts-and-limitations](https://ns1.com/resources/dns-failover-basic-concepts-and-limitations)
- Integration of Managed DNS Service as Load and DDoS Protection: [https://ns1.com/resources/primary-dns-vs-secondary-dns-and-advanced-use-cases](https://ns1.com/resources/primary-dns-vs-secondary-dns-and-advanced-use-cases)

- A DNS load balanced HA cluster with Bind9 and BalanceNG : [https://load-balancer.inlab.net/examples/a-dns-load-balanced-ha-cluster-with-bind9-and-balanceng/](https://load-balancer.inlab.net/examples/a-dns-load-balanced-ha-cluster-with-bind9-and-balanceng/)

## TLD vs interne IPs

\* [https://www.rfc-editor.org/rfc/rfc6762#appendix-G](https://www.rfc-editor.org/rfc/rfc6762#appendix-G)

\* oTLD für Tests:

\*\* [https://www.rfc-editor.org/rfc/rfc2606#section-2](https://www.rfc-editor.org/rfc/rfc2606#section-2)

\*\* [https://datatracker.ietf.org/doc/html/rfc6761#section-6.2](https://datatracker.ietf.org/doc/html/rfc6761#section-6.2)

\* oTLD, die noch nicht offiziell freigegeben sind bereits intern nutzen: [https://isc.sans.edu/forums/diary/Stop+Using+internal+Top+Level+Domain+Names/21095/](https://isc.sans.edu/forums/diary/Stop+Using+internal+Top+Level+Domain+Names/21095/)

\* DNS Schwachstellen: [https://www.varonis.com/de/blog/was-dns-ist-wie-es-funktioniert-und-schwachstellen](https://www.varonis.com/de/blog/was-dns-ist-wie-es-funktioniert-und-schwachstellen)