PacNOG PacNOG
PacNOG Mirror Site (US)
Kindly hosted by NSRC 		PacNOG Main Page
PacNOG 9 Home

PacNOG 9: Track 2 - Robust & Reliable DNS operations

Topics

  • DNS concepts
  • BIND (DNS server) and Resolver (DNS client) configurations
  • Setting up domains
  • DNS debugging tools, troubleshooting, and techniques
  • Reverse DNS
  • RNDC
  • Access control lists
  • Split DNS
  • TSIG
  • Secured dynamic updates
  • DNS security extensions (DNSSEC)
  • DNS and IPv6

Target audience

Network/systems administrators and engineers from ISP/REN/Universities or corporations, who are responsible for DNS service, and operating authoritative and/or recursive DNS installations.

Pre-requisites

  • Medium to good knowledge of the UNIX/Linux command line environment
  • Basic understanding of DNS (this course is not an introduction)
  • Basic knowledge of TCP/IP networking
  • PARTICIPANTS ARE REQUIRED TO BRING A LAPTOP

Goals

  • DNS Design principles
    • Learn to design, deploy and operate reliable authoritative and recursive DNS architectures
  • DNS Server software, tools and techniques
    • Learn about BIND, Unbound, and NSD
    • Learn to use tools like dig, doc, dnsviz, zonecheck
  • Deploying DNS Servers
    • Learn best practices on implementating DNS service, including service separation, monitoring, logging
    • Learn to configure a DNS server to perform under high load
  • Securing DNS Servers, DNSSEC
    • Learn about the newest security mechanism for DNS, DNSSEC, including zone signature, and automated DNSSEC management using OpenDNSSEC
  • IDN - Internationalized Domain Names
    • Internationalized Domain Names: how it works, and what it means for DNS operators

Dates

  • Track 2: Tuesday, 28th June - Saturday 2nd July

Instructors

Course Outline

  • Day 1: DNS refreshers - Debugging - Architecture
    • Intro
    • Presentation of participants, and workshop overview
    • Presentation: Quick overview on DNS protocol and architecture
    • Lab 1: Introduction to the environment
    • Lab 2: Using dig
    • Lab 3: More hands on using dig, doc, wireshark
    • Lab 4: basic DNS statistics with dnstop
    • Presentation: Reliable Architecture design
    • Lab 5: Service separation
    • DISCUSSION TOPICS:
      • GSLB, Load Balancing in general
      • Databases and DNS
  • Day 2: DNS Software, Sizing/configuration, Anycast
    • Presentation: Software platforms - BIND, NSD, Unbound
    • Lab 6: Software configuration
    • Presentation: Configuration & tuning
    • Presentation: Anycasting for robustness and performance
    • Lab 7: Anycasting
  • Day 3: Logging & Monitoring, DNS Security
    • Presentation: Log management & monitoring
    • Lab 8: Log management & service monitoring
    • Presentation: DNS security
    • Lab 9: DNS security
  • Day 4: DNS and the network, DNSSEC
    • Presentation: DNS and IPv6
    • Lab 10: IPv6
    • Presentation: DNS & Firewalls
    • Presentation: Introduction to DNSSEC
  • Day 5: DNSSEC Hands-on
    • Tutorial: DNSSEC hands-on
    • Lab 11: Zone signing
    • Lab 12: Automation using OpenDNSSEC
    • Presentation: IDN
    • Lab 13: Deploy IDN

Workshop Materials

The workshop materials and working configurations for each of the lab exercise are available on the Wiki site for this workshop.

  Last modified: Wed Jun 19 12:46:03 CLT 2010