BSDCan2015 - ZI

BSDCan 2015
The Technical BSD Conference

Massimiliano Stucchi
Philip Paeps
Day Tutorials #2 - 11 June - 2015-06-11
Room DMS 1120
Start time 09:00
Duration 03:00
ID 584
Event type Workshop
Track Tutorial
Language used for presentation English

DNSSEC tutorial

Security is becoming a more important topic, as our lives become more and more digital, and the press puts continuous emphasis on personal data being stolen. DNSSEC is a step towards a more secure experience on the internet, giving us a certain safety that the website we're browsing is the correct one. It requires, though, an added level of configuration from system and network administrators. This tutorial aims at making IT professionals comfortable with the technology and with its implementations.

After this tutorial you will:

  • Understand the basic concepts of DNS Security;
  • Know how to configure a DNSSEC-enabled resolver for your network;
  • Know how to configure basic DNSSEC for your domains;
  • Know how to configure reverse DNSSEC records for your networks;
  • Be familiar with DNSSEC-related tools and procedures;
  • Know how to troubleshoot basic DNSSEC problems.

Tutorial contents:

Introduction to DNS Introduction to cryptography Introduction to DNSSEC Configuring a DNSSEC resolver DNSSEC zone records Key management and rollover Securing zone transfers Reverse Delegations Distributing secure data with DNSSEC DNSSEC troubleshooting Tools

This tutorial doesn’t cover:

The basics of routing, or any technical routing topics How to receive IP addresses from the RIPE NCC How to operate a Local Internet Registry (LIR) The methodology:

The DNSSEC tutorial is based on hands-on practical exercises and demonstrations. Throughout the day, various exercises and demonstrations will get you familiar with DNSSEC and allow you to practice your newly learned skills. You will receive a USB stick containing the course material and a printed version of the slides. Prerequisites:

  • Basic knowledge of the Domain Name System
  • Basic experience in managing BIND configuration and zone files

The material you need to bring:

Please bring your laptop. This tutorial is based on interactive exercises via a web browser. Your laptop should:

  • Be able to connect to a wireless network
  • Have a web browser installed
  • Have the chance to run a terminal software to remotely connect via SSH to a server