Initial draft:

Day 1: DNS refreshers - Analysis - Architecture - Software

S1: - Intro
    - Presentation of participants, and scope of work
    - DNS refreshers, with focus on the more obscure aspects of DNS
		- glue records
		- ... ?

S2: - Hands on using dig, doc, wireshark

      - using 'dig' to debug DNS servers
      - using 'doc' to debug zones and delegations
      - tcpdump and wireshark

S3: - Reliable Architecture design

    - Separation of authoritative and recursive
    - Distinct networks (not inside the same AS)
	- Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112)

S4: - Software presentation - BIND, NSD, Unbound
      - Use cases

Day 2: Sizing/configuration - Logging & monitoring - DNS Security

S1: - Sizing and deploying a DNS server
      - Platform, OS, tuning) for load
	  - Operational aspect - RFC2870 
      - Common errors - RFC1912
      - Benchmarking tools - queryperf, namebench
 	  - Not so well-known options

S2: - Anycasting for robustness and performance
	  - Application: AS112

S3: - Logging & monitoring
	  - Monitoring secondaries -> compare SOAs
	  - Monitoring response time -> SmokePing / Nagios
	  - Verifying delegations against reality

S4: - Securing DNS
      - Running securely: chroot setup
      - Secure zone transfers (AXFR) and TSIG configuration
      - Monitoring of unauthorized AXFR attempts
      - DNS cache poisoning, and the rationale for DNSsec

Day 3: DNS Security - IDN

S1: - DNSSec tutorial
S2: - DNSsec hands-on (signing, toolkits)
S3: - IDN discussion
S4: - Open (Q&A, Evaluation)

Last modified 9 years ago Last modified on Apr 6, 2010, 1:57:01 PM

Attachments (11)