DNS Workshop

Day 1: DNS refreshers – Analysis – Architecture – Software

S1: - Intro, Presentation of participants, and scope of work
– DNS refreshers, with focus on the more obscure aspects of DNS
S2: - Hands on using dig, doc, wireshark
– using ‘dig’ and ‘doc’ to debug DNS servers, zones and delegations
– tcpdump and wireshark
S3: - Reliable Architecture design
– Separation of authoritative and recursive
– Distinct networks (not inside the same AS)
– Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112)
S4: - Software presentation – BIND, NSD, Unbound and use cases

Day 2: Sizing/configuration – Logging & monitoring – DNS Security

S1: - Sizing and deploying a DNS server
– Platform, OS, tuning) for load
– Operational aspect – RFC2870 & common errors – RFC1912
– Benchmarking tools – queryperf, namebench
S2: - Anycasting for robustness and performance
– Application: AS112
S3: - Logging & monitoring
– Monitoring secondaries -> compare SOAs
– Monitoring response time -> SmokePing / Nagios
– Verifying delegations against reality
S4: - Securing DNS
– Running securely: chroot setup
– Secure zone transfers (AXFR) and TSIG configuration
– Monitoring of unauthorized AXFR attempts
– DNS cache poisoning, and the rationale for DNSsec

Day 3: DNS Security – IDN

S1: - DNSSec tutorial
S2: - DNSsec hands-on (signing, toolkits)
S3: - IDN discussion
S4: - Open (Q&A, Evaluation)