advanced-ccTLD Wiki

Workshop Outline

| Workshop Outline | Topics | Assessment | ccTLDs Amsterdam | ccTLD Nepal | Planning Notes | Emails |

Here is a sample 5-day workshop outline. At the end of this outline are additional topics that we will have materials available for. In addition, you can view the Topics table for a detailed view of each topic, status of materials and how they relate to each other.

Each session is 90 minutes in length. There is a lunch break between sessions 2 and 3.

Advanced ccTLD Workshop

Draft Outline 5 Day Workshop -------------- DAY 1 ----- Session 1: Introduction and Welcomes Country presentations Session 2: Country presentations cont. Lunch Session 3: Operating System Basics, Tips and Tricks Session 4: Cryptography Intro - Ciphers, Public/Private Keys, Digital Signatures, Certificates. Mention of where these fit (PGP, SSH, SSL, DNSSEC, HTTPS, POPS, IMAPS, etc.) DAY 2 ----- Session 1: Cryptography cont. Session 2: DNSSEC - Overview - What is DNSSEC - How does it work and what does it offer ? - Where are we today and what are the alternatives - What does deployment roadmap look like ? Lunch Session 3: Single to multiple registry to registrar model - Why transition ? - Administrative, and operational comparison of 2 tier vs 3 tier model - Technical implications - Impact on policy Session 4: Single to multiple registry to registrar model cont. - Choosing and implementing a Registry- Registrar interface (EPP or other) - Database schema, and normalization of registrar and registrant data - DB API, methods and tools - Database and middleware choices DAY 3 ----- Session 1: Scripting - System scripts (bash) - Perl, Python, Ruby, RegEx Session 2: Scripting cont. - More practice and use, including some focus on DNS specific items like: a Perl coding example with Net::DNS and similar modules, to ease DNS monitoring, debugging, ... Lunch Session 3: Building Out Your Registry (30+ minute intro) - Scaling your operation - Monitoring your network and Registry specific services + Key services using SmokePing, Nagios, DNSMON, etc. - Monitoring of DB, nameservers, web servers, monitoring of zone data, zone export processes and the general "production chain" from producing a zone file to serving the right contents. - Support systems including helpdesk and ticket/support systems - Archiving/Backups (recovery from security incidents) - Constant query logging- saving all DNS queries for the last few days to facilitate analysis of DNS traffic (including attacks) Registry Tools: - TinyReg - Registro - CoCCA - CodevNIC - .NZ Registry/Registrar code - Isle of Mann (.IM) EPP-compliant code Session 4: Build up Workstation as Needed to support previous topics We'll install and configure: - SNMP - MRTG/RRDTool - Nagios - Smokeping - DNSMON - Trac (possibly RT) - Syslog, rsync, Initial Introduction to SNMP DAY 4 ----- Session 1: SNMP Cont. Session 2: Install and Discuss MRTG/RRDTool Revision Control in Practice - Install and use CVS Lunch Session 3: Setup rsync with practical backup example Discuss and Install Nagios Session 4: Setup key service monitoring with Nagios - HTTP on all PCs in class Setup Smokeping with DNS check DAY 5 ----- Session 1: Install/Configure logging - Log all DNS queeries - Log IP traffic to/from nameservers using wireshark Session 2: Potential Helpdesk/Ticketing Systems - Install Trac (or RT) - Concept of SLA and ticketing systems (Who is the customer?) Lunch Session 3: Helpdesk/Ticketing Systems cont. - Sample live ticket generation. Down service noted by Nagios or SmokePing. Generates ticket, generates email. Revisit Building Out Your Registry - What do you need for your registry software? + Database(s) + Revision control Session 4: Discuss SLAs Again Revisit Building Out Your Registry one final time Course Summary and Review Student Feedback Hand out Certificates ADDITIONAL TOPICS ----------------- * Ticket System with RT or Trac, depending on which is taught. * Security: additional depth of discussion on cryptographic techniques. * SSL: - Discussion of trust model. - Digital certificate generation. - HTTPS * PGP: - Key signing * Databases additional - Possible example w/PostGreSQL and Whois Server and/or showing how to use a DB to store zone information. - Whois data - Billing data - Dealing with versioning/change control in a DB environment * DNSSEC: More detail or practicals, like signing: * TSIG (as part of DNS)