BSDCan2013 - Final

BSDCan 2013
The Technical BSD Conference

Michael W. Lucas
Day Tutorials - Day 1 - 2013-05-15
Room MRT 221
Start time 09:00
Duration 03:00
ID 374
Event type Lecture
Track Tutorial
Language used for presentation English


Theory, Troubleshooting, and Deployment with BIND

Students will learn the principles behind DNSSec, how to troubleshoot DNSSec, and how to deploy DNSSec in a way that fits their environment.

DNS is among the world's most successful distributed databases. For a protocol deployed in 1983, it's done well. But today's Internet gives intruders financial incentive to break this elderly protocol.

DNS Security Extensions prevent a wide variety of attacks, and secure the Domain Name Service against false data at the server, during transit, and at the client. DNSSec is notoriously complicated, but newer versions of BIND have eased deployment for certain environments. We will cover:

  • the design of DNSSec
  • troubleshooting DNSSec with dig and other tools
  • attaching your domains to the DNSSec trust anchors
  • key and signature rotation
  • manual and automated key verification
  • using DNSSec to distribute SSL certificates, SSH host keys, and more

Students should already understand basic DNS, including: master and slave servers, basic use of dig or nslookup, domain registrars, forward and reverse DNS, and basic TCP/IP.