DNSSEC & BIND
A DNSSEC workshop course with lecture and hands-on labs. It is designed for Network and SysAdmin veterans who need to know how to deploy DNSSEC for their organization.
Who is this for? Networking professionals and DDI administrators.
Length: 3 full days (6 hours/day = 18 hours)
(9:00am - 12:00pm EDT / 1:00pm - 4:00pm EDT)
Topics Covered:
- A quick recap of DNS Fundamentals
- Namespace
- Delegation
- DNS Message Format
- Resolution
- Caching
- Resource Records
- What is wrong with DNS?
- Basics of Public Key cryptography
- DNSSEC technical overview
- DNSSEC record types
- DNSKEY
- RRSIG
- DS
- NSEC
- NSEC3
- Key Signing Key and Zone Signing Key
- Combined Signing Key
- One key, two keys, more keys?
- The chain of trust
- BIND signing tools
- Old-style signing
- Key timing values
- DNSSEC Automation
- Signing with BIND 9.6
- Inline signing
- Dynamic Updates
- Signing zones with NSEC / NSEC3
- Easy DNSSEC with BIND 9.16 "default-policy" KASP
- DNSSEC Validation
- Name resolution
- A BIND caching-only, validating name server
- Trust anchors
- Key rollovers
- Necessity
- Pre-publication
- Emergency rollovers
- DNSSEC Tools
- The importance of monitoring
Prerequisites: Participants for this course have either previusly completed the DNS & BIND Jump Start training or have equivalent knowledge and experience. Participants should have experience with the Unix command line (shell) and have Unix/Linux administration knowledge. Knowledge of Internet network protocols IPv6 and IPv4 is required.
Materials required: Participants will require a computer, keyboard and internet connection to access the course.
Completion certificates: Digital participation badges are issued upon completion of the in-class training.
DNSSEC & BIND Professional Certification: Participants in this training are permitted 1 month to to write the DNSSEC & BIND Professional Certification exam and earn this certification.
Private Class: This training is available for private booking - please contact us at learn@bluecatnetworks.com.