This technical workshop consists of lectures and hands-on labs to teach DNS and DNS Security Extensions targeted at operators who are responsible for the DNS services in their organization.
- DNS concepts
- BIND (DNS server) and Resolver (DNS client) configurations
- Setting up domains
- DNS debugging tools, troubleshooting, and techniques
- Reverse DNS
- Access control lists
- Secured dynamic updates
- DNS security extensions (DNSSEC)
- DNS and IPv6
- Network/systems administrators and engineers from ISP/REN/Universities or corporations, who are responsible for DNS service, and operating authoritative and/or recursive DNS installations.
- Medium to good knowledge of the UNIX/Linux command line environment
- Basic understanding of DNS (this course is not an introduction)
- Basic knowledge of TCP/IP networking
- participants are required to bring a laptop
At the end of the workshop, students will be able to:
- Explain core DNS concepts such as delegation, replication, authoritative vs recursive resolvers.
- Configure DNS servers, such as BIND and NSD, and DNS resolver software configurations.
- Create a new domain and successfully have it delegated and tested as operational.
- Use DNS debugging tools to perform troubleshooting techniques.
- Explain the structure of Reverse DNS for IPv4 and IPv6 address families and have them successfully delegated.
- Be able to use name server control software such as
nsdc, and unbound-control to administer a production system.
- Create Access control lists to manage connections to a DNS hidden master.
- Use TSIG to control access between slave and master servers and secure dynamic updates.
- Explain core DNS security extensions (DNSSEC) concepts such as RRSETs, Zone Keys, DS Records.
- Explain and be able to mitigate any increased risks to production system stability due to the deployment of DNSSEC.
- Explain core concepts related to common key management policy documents.