Make a submission

Submissions are closed for this project

HasGeek House

Why does it take some time to propagate your DNS changes? Why did the world move to Ipv6? How to secure your systems from DNS Vulnerabilities? By the end of this course, you will you will have a strong foundation on how DNS works and you can start boring your friends by talking all about it :)

Why attend?

At the end of this course, participants will be familiar with the Domain Name System and Security Extensions to the Domain Name System (DNSSEC). The course is taught “hands-on” in a virtualised FreeBSD environment using the BIND, NSD and Unbound name server implementations. Participants will configure authoritative and recursive domain name servers and will learn to analyse and debug common misconfigurations and bugs. Who knows, this could be your way to a DNS admin job!

Who is it for?

Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. The virtualised lab environment is hosted on a server in Germany.

What will you learn?

Introduction to DNS

  • Resource records
  • Delegation
  • Queries, responses and flags
  • Understanding the data flow

Querying and debugging the DNS

  • dig, drill, host, nslookup
  • tcpdump

Resolving a domain step by step

Configuring authoritative DNS servers

  • Writing and analysing zonefiles
  • Delegating authority
  • Debugging common zonefile problems

A very brief introduction to cryptography

Configuring secondary DNS servers

  • Setting up TSIG to secure zone transfers
  • Debugging common zone transfer issues

Configuring recursive DNS servers

Introduction to DNSSEC

  • New resource records and flags
  • Validating signatures

Signing your own domains

  • Keeping signatures valid
  • Key management: best practices

Preserving your sanity

  • Automatic signing and rollover
  • Brief introduction to OpenDNSSEC

Trainer Bio

Philip Paeps


Philip Paeps (“trouble”) is an independent consultant and contractor based in Belgium. He provides research and development on low-level software and operating systems, particularly in an embedded or real-time context. His main interests are bootloaders, device drivers and high-performance networking. He can also be convinced to teach courses and workshops on a variety of networking-related topics. In his so-called free time, Philip is a FreeBSD committer contributing mainly to the kernel and a member of the FreeBSD security team. He was one of the main organisers of FOSDEM, the largest annual open source software conference in Europe, from the early 2000s until 2015. He denies having any involvement with amateur radio or tabletop role playing games.

Note: This is a paid workshop.


HasGeek House

Make a submission

Submissions are closed for this project

HasGeek House

This project is brought to you by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from... Read more