Initial draft:
Day 1: DNS refreshers - Analysis - Architecture - Software S1: - Intro - Presentation of participants, and scope of work - DNS refreshers, with focus on the more obscure aspects of DNS - glue records - ... ? S2: - Hands on using dig, doc, wireshark - using 'dig' to debug DNS servers - using 'doc' to debug zones and delegations - tcpdump and wireshark S3: - Reliable Architecture design - Separation of authoritative and recursive - Distinct networks (not inside the same AS) - Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112) S4: - Software presentation - BIND, NSD, Unbound - Use cases Day 2: Sizing/configuration - Logging & monitoring - DNS Security S1: - Sizing and deploying a DNS server - Platform, OS, tuning) for load - Operational aspect - RFC2870 - Common errors - RFC1912 - Benchmarking tools - queryperf, namebench - Not so well-known options S2: - Anycasting for robustness and performance - Application: AS112 S3: - Logging & monitoring - Monitoring secondaries -> compare SOAs - Monitoring response time -> SmokePing / Nagios - Verifying delegations against reality S4: - Securing DNS - Running securely: chroot setup - Secure zone transfers (AXFR) and TSIG configuration - Monitoring of unauthorized AXFR attempts - DNS cache poisoning, and the rationale for DNSsec Day 3: DNS Security - IDN S1: - DNSSec tutorial S2: - DNSsec hands-on (signing, toolkits) S3: - IDN discussion S4: - Open (Q&A, Evaluation)
Last modified 9 years ago
Last modified on Apr 6, 2010, 1:57:01 PM
Attachments (11)
-
dns-exercises.pdf
(39.5 KB) -
added by regnauld 9 years ago.
DNS exercise I
-
dns-operations-intermediate.pdf
(91.4 KB) -
added by regnauld 9 years ago.
DNS operations
-
dns.pdf
(294.2 KB) -
added by regnauld 9 years ago.
DNS refresher
-
welcome.pdf
(1.1 MB) -
added by regnauld 9 years ago.
Welcone
-
dns-delegation.pdf
(204.1 KB) -
added by regnauld 9 years ago.
DNS Delegation
-
dns-delegation-exercise.pdf
(76.8 KB) -
added by regnauld 9 years ago.
DNS Delegation lab
-
bind-logging.txt
(1.1 KB) -
added by regnauld 9 years ago.
DNS logging
-
bind-transfer.txt
(2.0 KB) -
added by regnauld 9 years ago.
DNS securing zone transfers
-
quick-dnssec-signing-howto.txt
(2.7 KB) -
added by regnauld 9 years ago.
DNSSEC signing howto
-
dnssec-tutorial-2010-04.pdf
(326.5 KB) -
added by regnauld 9 years ago.
DNSSEC tutorial
-
links.txt
(709 bytes) -
added by regnauld 9 years ago.
Links and resources