DNSSEC & BIND

A DNSSEC workshop course with lecture and hands-on labs. It is designed for Network and SysAdmin veterans who need to know how to deploy DNSSEC for their organization. Who is this for? Networking professionals and DDI administrators. Length: 3 full days (6 hours/day = 18 hours)(9:00am - 12:00pm EDT / 1:00pm - 4:00pm EDT) Topics Covered: A quick recap of DNS Fundamentals Namespace Delegation DNS Message Format Resolution Caching Resource Records What is wrong with DNS? Basics of Public Key cryptography DNSSEC technical overview DNSSEC record types DNSKEY RRSIG DS NSEC NSEC3 Key Signing Key and Zone Signing Key Combined Signing Key One key, two keys, more keys? The chain of trust BIND signing tools Old-style signing Key timing values DNSSEC Automation Signing with BIND 9.6 Inline signing Dynamic Updates Signing zones with NSEC / NSEC3 Easy DNSSEC with BIND 9.16 "default-policy" KASP DNSSEC Validation Name resolution A BIND caching-only, validating name server Trus