DNS Workshop

Day 1: DNS refreshers – Analysis – Architecture – Software

S1: - Intro, presentation of participants, and scope of work
- DNS refreshers, with focus on the more obscure aspects of DNS
S2: - Hands-on using dig, doc, Wireshark
- using ‘dig’ and ‘doc’ to debug DNS servers, zones and delegations
- tcpdump and Wireshark
S3: - Reliable Architecture design
- Separation of authoritative and recursive
- Distinct networks (not inside the same AS)
- Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112)
S4: - Software presentation – BIND, NSD, Unbound and use cases

Day 2: Sizing/configuration – Logging & monitoring – DNS Security

S1: - Sizing and deploying a DNS server
- Platform, OS, tuning for load
- Operational aspects – RFC2870 & common errors – RFC1912
- Benchmarking tools – queryperf, namebench
S2: - Anycasting for robustness and performance
- Application: AS112
S3: - Logging & monitoring
- Monitoring secondaries -> compare SOAs
- Monitoring response time -> SmokePing / Nagios
- Verifying delegations against reality
S4: - Securing DNS
- Running securely: chroot setup
- Secure zone transfers (AXFR) and TSIG configuration
- Monitoring of unauthorized AXFR attempts
- DNS cache poisoning, and the rationale for DNSSEC

Day 3: DNS Security – IDN

S1: - DNSSEC tutorial
S2: - DNSSEC hands-on (signing, toolkits)
S3: - IDN discussion
S4: - Open (Q&A, Evaluation)