DNS and DNS Security Workshop (DNS)

Synopsis

Return to Outlines

This technical workshop consists of lectures and hands-on labs to teach DNS and DNS Security Extensions targeted at operators who are responsible for the DNS services in their organization.

Workshop Topics

  • DNS concepts
  • BIND (DNS server) and Resolver (DNS client) configurations
  • Setting up domains
  • DNS debugging tools, troubleshooting, and techniques
  • Reverse DNS
  • RNDC
  • Access control lists
  • TSIG
  • Secured dynamic updates
  • DNS security extensions (DNSSEC)
  • DNS and IPv6

Target Audience

  • Network/systems administrators and engineers from ISP/REN/Universities or corporations, who are responsible for DNS service, and operating authoritative and/or recursive DNS installations.

Prerequisites

  • Medium to good knowledge of the UNIX/Linux command line environment
  • Basic understanding of DNS (this course is not an introduction)
  • Basic knowledge of TCP/IP networking
  • participants are required to bring a laptop

Objectives

At the end of the workshop, students will be able to:

  • Explain core DNS concepts such as delegation, replication, authoritative vs recursive resolvers.
  • Configure DNS servers, such as BIND and NSD, and DNS resolver software configurations.
  • Create a new domain and successfully have it delegated and tested as operational.
  • Use DNS debugging tools to perform troubleshooting techniques.
  • Explain the structure of Reverse DNS for IPv4 and IPv6 address families and have them successfully delegated.
  • Be able to use name server control software such as rndc, nsdc, and unbound-control to administer a production system.
  • Create Access control lists to manage connections to a DNS hidden master.
  • Use TSIG to control access between slave and master servers and secure dynamic updates.
  • Explain core DNS security extensions (DNSSEC) concepts such as RRSETs, Zone Keys, DS Records.
  • Explain and be able to mitigate any increased risks to production system stability due to the deployment of DNSSEC.
  • Explain core concepts related to common key management policy documents.

Return to Outlines