The DNS is a strategic infrastructure, since all internet services for companies, associations and public organisations depend on it. Implementing DNSSEC allows you to secure this infrastructure.
Description and aims of the training course
This training course will enable you to protect your customers and your own infrastructures against any security problems that might penalise your activities. You will learn how to deploy this delicate extention that require advanced technical knowledge and a rigorous exploitation. You will be able to:
- Assess the benefits of deploying DNSSEC in your environment
- Acquire technical knowledge of DNSSEC
- Configure the installation of a validating DNSSEC resolver (Unbound)
- Construct a DNSSEC infrastructure with OpenDNSSEC and manage the keys and BIND to serve the signed zones
Registrars, DNS hosts, professionals of security and the DNS.
- Knowledge of the basics of the DNS
- Familiarity with the UNIX operating system and the TCP/IP network protocols
- At least one year’s experience in the domain name administration business
Stéphane Bortzmeyer, Afnic DNS expert
Face-to-face at your offices or remotely
Find practical information on how to get to our offices.
Final assessment of the training course will be in the form of a multiple-choice questionnaire.
Contact us for a quotation.
Our experts can adapt to your needs and design a custom training course.
If you are a Registrar and a DNS host, DNSSEC adoption for the .fr zone is one of our priorities. Contact us for a personalised firstname.lastname@example.org
Day 1 – Morning: Reminder of the basics
- Functioning of the DNS
- Security of the DNS and associated risks
- Contributions of DNSSEC
Day 1 – Afternoon: Presentation of DNSSEC
- Keys and DNSKEY records
- Signing of records
- Secure delegation
- Proof of non-existence: NSEC and NSEC3 records
Day 2 – Morning: DNSSEC in practice
- Protocol details
- DO bit and transport (EDNS)
- Problems associated with firewalls
- Creation of a zone signed manually
- Validation using Unbound
- Verifying with DIG and DELV
- Identifying the causes of a problem
- Performing tests with Zonemaster and DNSVIZ
- Delegation of a zone
- Renewal of keys
Day 2 – Afternoon: Practical exercises and feedback
- Creation of a signed zone with OpenDNSSEC
- DNSSEC feedback
- In the root zone
- For Top-Level Domains
- Ordinary zones signed
- Storage of keys and HSMs
- Frequently encountered operational problems
27 & 28 octobre 2022
If anyone participating in the training course has a disability, please contact us on +33 (0)1 39 30 83 59 so we can make suitable arrangements.
For more information and dates of upcoming training sessions: