DNS Workshop

Day 1: DNS refreshers - Analysis - Architecture - Software

S1: - Intro, Presentation of participants, and scope of work
    - DNS refreshers, with focus on the more obscure aspects of DNS
S2: - Hands on using dig, doc, wireshark
      - using 'dig' and 'doc' to debug DNS servers, zones and delegations
      - tcpdump and wireshark
S3: - Reliable Architecture design
    - Separation of authoritative and recursive
    - Distinct networks (not inside the same AS)
        - Avoid RFC1918 ip6.arpa/in-addr.arpa leakage (see AS112)
S4: - Software presentation - BIND, NSD, Unbound and use cases

Day 2: Sizing/configuration - Logging & monitoring - DNS Security

S1: - Sizing and deploying a DNS server
      - Platform, OS, tuning) for load
      - Operational aspect - RFC2870 & common errors - RFC1912
      - Benchmarking tools - queryperf, namebench
S2: - Anycasting for robustness and performance
          - Application: AS112
S3: - Logging & monitoring
          - Monitoring secondaries -> compare SOAs
          - Monitoring response time -> SmokePing / Nagios
          - Verifying delegations against reality
S4: - Securing DNS
      - Running securely: chroot setup
      - Secure zone transfers (AXFR) and TSIG configuration
      - Monitoring of unauthorized AXFR attempts
      - DNS cache poisoning, and the rationale for DNSsec

Day 3: DNS Security - IDN

S1: - DNSSec tutorial
S2: - DNSsec hands-on (signing, toolkits)
S3: - IDN discussion
S4: - Open (Q&A, Evaluation)