Day 1: DNS refreshers – Analysis – Architecture – Software
| S1: | - Intro, Presentation of participants, and scope of work - DNS refreshers, with focus on the more obscure aspects of DNS |
| S2: | - Hands on using dig, doc, wireshark - using ‘dig’ and ‘doc’ to debug DNS servers, zones and delegations - tcpdump and wireshark |
| S3: | - Reliable Architecture design - Separation of authoritative and recursive - Distinct networks (not inside the same AS) - Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112) |
| S4: | - Software presentation – BIND, NSD, Unbound and use cases |
Day 2: Sizing/configuration – Logging & monitoring – DNS Security
| S1: | - Sizing and deploying a DNS server - Platform, OS, tuning) for load - Operational aspect – RFC2870 & common errors – RFC1912 - Benchmarking tools – queryperf, namebench |
| S2: | - Anycasting for robustness and performance - Application: AS112 |
| S3: | - Logging & monitoring - Monitoring secondaries -> compare SOAs - Monitoring response time -> SmokePing / Nagios - Verifying delegations against reality |
| S4: | - Securing DNS - Running securely: chroot setup - Secure zone transfers (AXFR) and TSIG configuration - Monitoring of unauthorized AXFR attempts - DNS cache poisoning, and the rationale for DNSsec |
Day 3: DNS Security – IDN
| S1: | - DNSSec tutorial |
| S2: | - DNSsec hands-on (signing, toolkits) |
| S3: | - IDN discussion |
| S4: | - Open (Q&A, Evaluation) |