Initial draft:
Day 1: DNS refreshers - Analysis - Architecture - Software
S1: - Intro
- Presentation of participants, and scope of work
- DNS refreshers, with focus on the more obscure aspects of DNS
- glue records
- ... ?
S2: - Hands on using dig, doc, wireshark
- using 'dig' to debug DNS servers
- using 'doc' to debug zones and delegations
- tcpdump and wireshark
S3: - Reliable Architecture design
- Separation of authoritative and recursive
- Distinct networks (not inside the same AS)
- Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112)
S4: - Software presentation - BIND, NSD, Unbound
- Use cases
Day 2: Sizing/configuration - Logging & monitoring - DNS Security
S1: - Sizing and deploying a DNS server
- Platform, OS, tuning) for load
- Operational aspect - RFC2870
- Common errors - RFC1912
- Benchmarking tools - queryperf, namebench
- Not so well-known options
S2: - Anycasting for robustness and performance
- Application: AS112
S3: - Logging & monitoring
- Monitoring secondaries -> compare SOAs
- Monitoring response time -> SmokePing / Nagios
- Verifying delegations against reality
S4: - Securing DNS
- Running securely: chroot setup
- Secure zone transfers (AXFR) and TSIG configuration
- Monitoring of unauthorized AXFR attempts
- DNS cache poisoning, and the rationale for DNSsec
Day 3: DNS Security - IDN
S1: - DNSSec tutorial
S2: - DNSsec hands-on (signing, toolkits)
S3: - IDN discussion
S4: - Open (Q&A, Evaluation)
Last modified 9 years ago
Last modified on Apr 6, 2010, 1:57:01 PM
Attachments (11)
-
dns-exercises.pdf
(39.5 KB) -
added by regnauld 9 years ago.
DNS exercise I
-
dns-operations-intermediate.pdf
(91.4 KB) -
added by regnauld 9 years ago.
DNS operations
-
dns.pdf
(294.2 KB) -
added by regnauld 9 years ago.
DNS refresher
-
welcome.pdf
(1.1 MB) -
added by regnauld 9 years ago.
Welcone
-
dns-delegation.pdf
(204.1 KB) -
added by regnauld 9 years ago.
DNS Delegation
-
dns-delegation-exercise.pdf
(76.8 KB) -
added by regnauld 9 years ago.
DNS Delegation lab
-
bind-logging.txt
(1.1 KB) -
added by regnauld 9 years ago.
DNS logging
-
bind-transfer.txt
(2.0 KB) -
added by regnauld 9 years ago.
DNS securing zone transfers
-
quick-dnssec-signing-howto.txt
(2.7 KB) -
added by regnauld 9 years ago.
DNSSEC signing howto
-
dnssec-tutorial-2010-04.pdf
(326.5 KB) -
added by regnauld 9 years ago.
DNSSEC tutorial
-
links.txt
(709 bytes) -
added by regnauld 9 years ago.
Links and resources
