Products
Training
Private/on-site

DNSSEC & BIND (December 1-3)

Classroom-style DNSSEC workshop course with lecture and hands-on labs.

General description

This 3-day DNSSEC Workshop is a classroom style course with lecture and hands-on labs. Limited seating. It is designed for Network and SysAdmin veterans who need to know how to deploy DNSSEC for their organization. Students are expected to be familiar with the UNIX environment (file structure, basic utilities) and with text editing in UNIX (vi or nano editor). A basic knowledge of TCP/IP addressing is also helpful but not required.

Syllabus

  • —  A quick recap of DNS Fundamentals
  • —  Namespace
  • —  Delegation
  • —  DNS Message Format
  • —  Resolution
  • —  Caching
  • —  Resource Records
  • —  What is wrong with DNS?
  • —  Basics of Public Key cryptography
  • —  DNSSEC technical overview
  • —  DNSSEC record types
  • —  DNSKEY
  • —  RRSIG
  • —  DS
  • —  NSEC
  • —  NSEC3
  • —  Key Signing Key and Zone Signing Key
  • —  Combined Signing Key
  • —  One key, two keys, more keys?
  • —  The chain of trust
  • —  BIND signing tools
  • —  Old-style signing
  • —  Key timing values
  • —  DNSSEC Automation
  • —  Signing with BIND 9.6
  • —  Inline signing
  • —  Dynamic Updates
  • —  Signing zones with NSEC / NSEC3
  • —  Easy DNSSEC with BIND 9.16 "default-policy" KASP
  • —  DNSSEC Validation
  • —  Name resolution
  • —  A BIND caching-only, validating name server
  • —  Trust anchors
  • —  Key rollovers
  • —  Necessity
  • —  Pre-publication
  • —  Emergency rollovers
  • —  DNSSEC Tools
  • —  The importance of monitoring