On this course, you will learn about the basic DNS concepts, configurations, operations and basic security aspects.
DNS is short for Domain Name System. It is part of the internet infrastructure and therefore necessary for web navigation, email distribution and other internet functions.
We will review the principles of the DNS protocol and domain names, and you will learn about the different concepts and tools used when working with DNS. We will end the day by discussing new email and web traffic protection technologies built onto DNS.
Thomas Steen Rasmussen works for internet provider BornFiber as Unix administrator/security manager/developer. He also runs his own one-man business – tyktech. He is involved in the DNS censorship service and similar internet activist projects.
09:00-09:15 Welcome and follow-up on "dig"
There are ongoing exercises during the day, and therefore please install the "dig" tool from the "bind" package, which is published by ISC before the course starts. It can be downloaded at https://www.isc.org/downloads/
09:15-10:30 The history of DNS
DNS is an old system. We take a look back in history and how domain names originated on the Internet. We dive into the technique, protocol and various elements, such as authoritative and recursive name servers. We also address the areas of responsibility for organizations such as ICANN and DK Hostmaster.
10:45-12:15 Common record types
We talk about the usual DNS record types (Time To Live, caching and other tools). We also discuss delegation in DNS - branches in the DNS tree.
13:15-14:00 RBL, SPF, DKIM, DMARC
After lunch, we continue with a brief introduction to modern security mechanisms in DNS. We look at DNS over TLS and other privacy actions in DNS. We are talking about email security based on DNS, including blocking lists (RBL), SPF, DKIM, and DMARC.
We discuss common sources of error in connection with DNS. Here you will be introduced to debugging techniques that can help you solve or eliminate DNS issues faster.
15:00-16:00 Security – introduction to DNSSEC & DANE
We end the day with an intro to DNSSEC, which is a security enhancement for the protection of DNS. Finally, we look at the PKI and CA system based on DANE / TLSA and CAA records that use DNSSEC's secure DNS infrastructure to improve the security of TLS connections (eg HTTPS).
For those who want to dive deeper into these topics, we have advanced courses in the following days.
This course is for network engineers, system administrators and anyone who wants to learn more about DNS. The first half of the course is very basic and is for DNS beginners and intermediate level users.
Date: April 13th 2021
Time: 9.00 am to 4.00 pm
Address: Remote. You will receive an invite the day before the course
Send an email to firstname.lastname@example.org with the course title, your name and your company name.