DNS for technicians
The course is an introduction to DNS for technicians who want insight into and knowledge of the technical aspects of DNS. If you are looking for a more basic introduction to DNS, we recommend the course: "DNS for administrators" on November 4th.
In this course, you will learn to understand DNS concepts, configurations, and operation.
We review the principles of the DNS protocol and domain names. You will learn about the different concepts and tools used in working with DNS, as well as get a brief introduction to DNSSEC.
After lunch, we introduce old and new DNS based techniques for protection of e-mail and web traffic: SPF, DKIM, DMARC, ARC etc.
At the end of the day, we dive into TLSA, CAA and other security mechanisms that are made possible by DNSSEC.
The course is held physically, but it is also possible to participate remotely.
Instructor
Thomas Steen Rasmussen works for internet provider BornFiber as Unix administrator/security manager/developer. He also runs his own one-man business – tyktech. He is involved in the DNS censorship service and similar internet activist projects.
Agenda
The course takes place online and requires nothing more than a laptop with a web browser and an SSH client to participate. It's most fun if you have a microphone and camera, but it's not a requirement.
09:00 - 09:15: Welcome and follow-up on SSH access. There will be exercises during the day. The exercises take place on a server which is accessed via SSH. Therefore, please install PuTTY if you are using Windows. It can be downloaded by following the link at the top of https://putty.org/. Mac and Linux users already have an SSH client.
09:15 - 10:30: The History of DNS
DNS is an old system. We take a look back at history and look at how domain names originated on the Internet. We dive into the technique, the protocol, and the various elements, such as authoritative and recursive name servers. We also discuss the areas of responsibility for organizations such as ICANN and DK Hostmaster.
10:30 - 10.45: Break
10:45 - 12:15: Common record types
We get into the common DNS record types A, MX, AAAA, etc. We also introduce concepts such as ‘Time To Live’, ‘caching’ and other tools. We also discuss delegation in the DNS branches of the DNS tree and introduce DNSSEC.
12:15 - 13:15: Lunch break
13:15 - 14:00: Email and DNS - RBL, SPF, DKIM, DMARC
After lunch, we continue with a brief introduction to email security mechanisms in DNS. Based on DNS, we are talking about spam, blocking lists (RBL), SPF, DKIM, DMARC and CAA.
14:00 - 14:45: Troubleshooting
We are talking about common sources of error associated with DNS. You will be introduced to troubleshooting techniques that can help you solve or rule out DNS problems more quickly in the future.
14:45 - 15:00: Pause
15:00 - 16:00: Security - intro to DNSSEC & DANE
We end the day with an introduction to DNSSEC, which is a security superstructure for DNS protection. Finally, we look at the PKI and CA system based on DANE / TLSA and CAA records, which use DNSSEC's secure DNS infrastructure to improve the security of TLS connections (eg HTTPS).
16:00 - 16.30: Q&A
Target audience
This course is for network engineers, system administrators and anyone who wants to learn more about DNS. The first half of the course is very basic and is targeted at DNS beginners and easy practitioners. After lunch we go more in depth with the technical areas.
Practical information
Date: November 7, 2022
Time: 9.00 am to 4.30 pm
Address: Ørestads Boulevard 108, 2300 Copenhagen S
Price: Free
Language: Danish
Meals: Breakfast and lunch
Registration
Send an email to registration@dk-hostmaster.dk with the course title, your name and your company name. Please note, if you wish to participate on loacation or remote.
