This is a technical workshop, made of up lecture and hands-on lab work to teach DNS and DNS Security Extentions targeted at operators who are responsible for the DNS services in their organization.
Target Audience
Network/systems administrators and engineers from ISP/REN/Universities or corporations, who are responsible for DNS service, and operating authoritative and/or recursive DNS installations.
Pre-Requisites
Medium to good knowledge of the UNIX/Linux command line environment
Basic understanding of DNS (this course is not an introduction)
Basic knowledge of TCP/IP networking
PARTICIPANTS ARE REQUIRED TO BRING A LAPTOP
Workshop Topics
DNS concepts
BIND (DNS server) and Resolver (DNS client) configurations
Setting up domains
DNS debugging tools, troubleshooting, and techniques
Reverse DNS
RNDC
Access control lists
TSIG
Secured dynamic updates
DNS security extensions (DNSSEC)
DNS and IPv6
Objectives
At the end of the workshop students will be able to:
Explain core DNS concepts such as delegation, replication, authoritative vs recursive resolovers.
Configure DNS servers, such as BIND and NSD, and DNS resolver software configurations
Create a new domain and successfully have it delegated and tested as operational.
Use DNS debugging tools to perform troubleshooting techniques
Explain the structure of Reverse DNS for IPc4 and IPv6 address familes and have them successfully delegated.
Be able to use name server control software such as RNDC, NSDC and unbound-control to administer a production system
Create Access control lists to manage connections to a DNS hidden master.
Use TSIG to control access between slave and master servers and secure dynamic updates.
Explain core DNS security extensions (DNSSEC) concepts such as RRSETs, Zone Keys, DS Records.
Explain and be able to mitigate any increased risks to production system stability due to the deployement of DNSSEC.
Explain core concepts related to common key management policy documents.