BSDCan2013 - Final
BSDCan 2013
The Technical BSD Conference
| Speakers | |
|---|---|
|
Michael W. Lucas |
| Schedule | |
|---|---|
| Day | Tutorials - Day 1 - 2013-05-15 |
| Room | MRT 221 |
| Start time | 09:00 |
| Duration | 03:00 |
| Info | |
| ID | 374 |
| Event type | Lecture |
| Track | Tutorial |
| Language used for presentation | English |
DNSSec
Theory, Troubleshooting, and Deployment with BIND
Students will learn the principles behind DNSSec, how to troubleshoot DNSSec, and how to deploy DNSSec in a way that fits their environment.
DNS is among the world's most successful distributed databases. For a protocol deployed in 1983, it's done well. But today's Internet gives intruders financial incentive to break this elderly protocol.
DNS Security Extensions prevent a wide variety of attacks, and secure the Domain Name Service against false data at the server, during transit, and at the client. DNSSec is notoriously complicated, but newer versions of BIND have eased deployment for certain environments. We will cover:
- the design of DNSSec
- troubleshooting DNSSec with dig and other tools
- attaching your domains to the DNSSec trust anchors
- key and signature rotation
- manual and automated key verification
- using DNSSec to distribute SSL certificates, SSH host keys, and more
Students should already understand basic DNS, including: master and slave servers, basic use of dig or nslookup, domain registrars, forward and reverse DNS, and basic TCP/IP.