DNSSEC & BIND
A DNSSEC workshop course with lecture and hands-on labs. It is designed for Network and SysAdmin veterans who need to know how to deploy DNSSEC for their organization.
- A quick recap of DNS Fundamentals
- DNS Message Format
- Resource Records
- What is wrong with DNS?
- Basics of Public Key cryptography
- DNSSEC technical overview
- DNSSEC record types
- Key Signing Key and Zone Signing Key
- Combined Signing Key
- One key, two keys, more keys?
- The chain of trust
- BIND signing tools
- Old-style signing
- Key timing values
- DNSSEC Automation
- Signing with BIND 9.6
- Inline signing
- Dynamic Updates
- Signing zones with NSEC / NSEC3
- Easy DNSSEC with BIND 9.16 "default-policy" KASP
- DNSSEC Validation
- Name resolution
- A BIND caching-only, validating name server
- Trust anchors
- Key rollovers
- Emergency rollovers
- DNSSEC Tools
- The importance of monitoring
Who is this for? Networking professionals and DDI administrators.
Length: 3 full days (6 hours/day = 18 hours)
(9:00am - 12:00pm EDT / 1:00pm - 4:00pm EDT)
Prerequisites: Participants for this course need to know how to operate the Unix command line (shell) and have Unix/Linux administration knowledge. Basic knowledge of Internet network protocols IPv6 and IPv4 is required.
Materials required: Participants will require a computer, keyboard and internet connection to access the course.