Workshop on DNS and DNSSEC

Why does it take some time to propagate your DNS changes? Why did the world move to Ipv6? How to secure your systems from DNS vulnerabilities? By the end of this course, you will have a strong foundation on how DNS works and you can start boring your friends by talking all about it.

Why attend?

At the end of this course, participants will be familiar with the Domain Name System and Security Extensions to the Domain Name System (DNSSEC). The course is taught “hands-on” in a virtualized FreeBSD environment using the BIND, NSD and Unbound name server implementations. Participants will configure authoritative and recursive domain name servers and will learn to analyse and debug common misconfigurations and bugs. Who knows, this could be your way to a DNS admin job!

Who is it for?

Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. The virtualized lab environment is hosted on a server in Germany.

What will you learn?

Introduction to DNS
- Resource records
- Delegation
- Queries, responses and flags
- Understanding the data flow
Querying and debugging the DNS
- dig, drill, host, nslookup
- tcpdump
Resolving a domain step by step
Configuring authoritative DNS servers
- Writing and analysing zonefiles
- Delegating authority
- Debugging common zonefile problems
A very brief introduction to cryptography

Configuring secondary DNS servers
- Setting up TSIG to secure zone transfers
- Debugging common zone transfer issues
Configuring recursive DNS servers
Introduction to DNSSEC
- New resource records and flags
- Validating signatures
Signing your own domains
- Keeping signatures valid
- Key management: best practices
Preserving your sanity
- Automatic signing and rollover
- Brief introduction to OpenDNSSEC

About the instructor

Philip Paeps (“Trouble”)

Trouble is an independent consultant and contractor based in Belgium. He provides research and development on low-level software and operating systems, particularly in an embedded or real-time context. His main interests are bootloaders, device drivers and high-performance networking. He can also be convinced to teach courses and workshops on a variety of networking-related topics. In his so-called free time, Philip is a FreeBSD committer contributing mainly to the kernel and a member of the FreeBSD security team. He was one of the main organisers of FOSDEM, the largest annual open source software conference in Europe, from the early 2000s until 2015. He denies having any involvement with amateur radio or tabletop role playing games.