Rootconf 2016

Rootconf is India's principal conference where systems and operations engineers share real world knowledge about building resilient and scalable systems.


DNSSEC workshop

Submitted by Philip Paeps (@trouble) on Sunday, 20 December 2015

Section: Workshop Technical level: Advanced Status: Confirmed


At the end of this course, participants will be familiar with the Domain Name System and Security Extensions to the Domain Name System (DNSSEC). The course is taught “hands-on” in a virtualized FreeBSD environment using the BIND, NSD and Unbound name server implementations. Participants will configure authoritative and recursive domain name servers and will learn to analyse and debug common misconfigurations and bugs.


Hands on DNS and DNSSEC.
Three day course.


Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops. The virtualised lab environment is hosted on a server in Germany. Reliable internet connectivity with reasonable latency is required.

Speaker bio

Philip Paeps (“trouble”) is an independent consultant and contractor based in Belgium. He provides research and development on low-level software and operating systems, particularly in an embedded or real-time context. His main interests are bootloaders, device drivers and high-performance networking. He can also be convinced to teach courses and workshops on a variety of networking-related topics.

In his so-called free time, Philip is a FreeBSD committer contributing mainly to the kernel and a member of the FreeBSD security team. He was one of the main organisers of FOSDEM, the largest annual open source software conference in Europe, from the early 2000s until 2015. He denies having any involvement with amateur radio or tabletop role playing games.




  •   Philip Paeps (@trouble) Proposer 4 years ago

    I could make this longer or shorter as required. Well … longer anyway. Shorter is tricky.

    The slidedeck I pointed to is the version I taught in Sudan last August. Workshops evolve, but I expect the course in April to be substantially similar to this.

  •   Zubair Sharief (@mzs) 4 years ago

    @~ trouble
    It will be good to know which DNS will be used for the talk/demo, also a comparison of Unbound with BIND will be good. ( hopeful it will be inside Jails ;)

  •   Philip Paeps (@trouble) Proposer 4 years ago

    Participants are divided in groups of two or three and each group gets three jails: one running NSD, one running BIND and one running Unbound. There are excercises on configuring them in different roles.

    BIND, NSD and Unbound are discussed in some detail. I also mention other implementations in passing. I’ll edit the workshop summary to relect this.

Login with Twitter or Google to leave a comment