Events‎ > ‎

DNSSEC workshop – March 19 to 21, 2013


Within the framework of DNSSEC Task Force, ISOC Lebanon in collaboration with the Internet Corporation for Assigned Names and Numbers (ICANN), Network Startup Resource Center (NSRC), and Berytech, organized a DNS/DNSSEC workshop in Beirut. 

Participants from ISPs, universities, banks and various sectors (29 Internet technologists) attended the workshop. 

The workshop was provided by Phil Regnauld, Richard Lamb and Randy Bush who are world authority experts in the DNS/DNSSEC field.



Agenda:

Day 1

Topic

Inst

Presentations

Exercises

Session 1

Intro/welcome

RL/PR

PDF

DNS basics

PR

PDF

Session 2

DNS basics (cont'd)

Software overview

PR

PDF

Session 3

Lab intro

PR

Introduction to the lab environment

Lab: Setup BIND caching

TXT

Lab: Hands-on DNS

dig TXT

Lab: Create a zone

TXT

(Zone delegation)

Lab: NSD config

TXT

Lab: Unbound config

TXT

Session 4

Logging

TSIG

Logging: TXT | SKIP (Swatch: TXT)

TSIG (security)

TSIG: TXT

Day 2

Topic

Inst

Presentations

Exercises

Session 1

Intro to DNSSEC

PR

PDF

Problems in the DNS

Session 2

DNSSEC (cont'd)

Session 3

Signing hands-on

Live signing demo

TXT

Session 4

Lab: DNSSEC signing with BIND

Unbound DNSSEC validation:TXT

Lab: Manual rollover

ZSK: TXT | KSK: TXT

Lab: Inline signing

BIND inline signing: TXT

Day 3

Topic

Inst

Presentations

Exercises

Session I

DNSSEC Design

RL

PDF

Session II

DNSSEC: Sensible Signing Parameters

PDF

Session III

Lab: OpenDNSSEC

TXT

OpenDNSSEC

KSK ZSK

Session IV

Lab: Rollover

TXT

Closing

SURVEY

Invite:

Within the framework of DNSSEC Task Force, ISOC Lebanon in collaboration with the Internet Corporation for Assigned Names and Numbers (ICANN), Network Startup Resource Center (NSRC), and Berytech, is pleased to invite you to attend a DNS/DNSSEC workshop in Beirut. Or to nominate one or two network engineers currently employed by your organization to attend the DNSSEC workshop and become part of the DNSSEC core team. The nominee should have a solid background in DNS, previous experience with DNSSEC is not necessary.

The workshop will be provided by Phil Regnauld, Richard Lamb and Randy Bush who are world authority experts in the DNS/DNSSEC field.

Workshop:            DNSSEC Workshop

Date:                     March 19 to 21, 2013 (8:00 am to 5:00 pm).

Venue:                  Berytech Mathaf (near National Museum).

Fees:                      ISOC-LB will charge a nominal fee of USD 300 per attendee

Capacity:             Limited to 30 participants

Registration:        Attendees should fill an application form online before February 18, 2013 at:

https://docs.google.com/spreadsheet/viewform?fromEmail=true&formkey=dC1xM0tpOUpKVW5nd1doRElMMzBtc1E6MQ

Selected applicants for the training will be notified by e-mail by February 28, 2013.

DNSSEC Task Force Background:

The Internet Society Lebanon Chapter - ISOC LB is setting up a DNSSEC taskforce responsible for putting a strategy and implementing it across Lebanon to secure the domain name servers an infrastructure and transition them to DNSSEC.

DNSSEC is a key element of any broad-based cybersecurity strategy. Hackers continue to exploit the security weakness of DNS to their advantage. By caching address information, name servers don’t have to look up the IP address every time a frequently visited site is accessed, and this speeds up the experience for end users. If hackers are able to insert a bogus IP address into a cache, however, all users of that name server will be directed to the wrong site (until the cache expires and is refreshed). Corrupting the operation of DNS in this way can lead to many kinds of fraud and other malicious activity. By plugging some of the largest security holes in the Internet, DNSSEC has the potential to significantly expand the trustworthiness—and thus the usefulness—of the Internet as a whole.

DNSSEC Workshop Agenda:

Following is the agenda of the 3 days DNSSEC workshop (the agenda will be fine tuned on the first day of training to meet the participants’ profiles and requirements):

·         DNS operations

·         DNS software overview

·         DNS delegation reminders

·         DNS logging and monitoring

·         Securing DNS with TSIG and ACLs

·         DNS & IPv6 - service and zone contents

·         DNS Security and resiliency

·         DNS & firewalls

·         DNSSEC - Signing delegations

·         DNSSEC Deployment considerations (security, crypto, process, documentation)

·         Anycasting

Biography:

Randy Bush is a Research Fellow and Network Operator at Internet Initiative Japan, Japan's first commercial ISP. He specializes in network measurement especially routing, network security, routing protocols, and IPv6 deployment. He is also a lead designer of the BGP security effort. Randy has been in computing for over 45 years, and has a few decades of Internet operations experience. He was the engineering founder of Verio, which is now NTT/Verio. He has been heavily involved in transferring Internet technologies to developing economies for almost 25 years. He was a chair of the IETF WG on the DNS for a decade and served as a member of the IESG, as co-chair of the IETF Operations and Management Area for six years.  Randy was the first Chair of the NANOG Steering Committee, a co-founder of AfNOG, on the founding Board of Directors of ARIN, helped start AfriNIC, and has participated in APNIC, RIPE, et alia since each was founded.

Richard Lamb is Senior Program Manager DNSSEC at ICANN. Rick is part of ICANN's Security team and has over 25 years of Internet experience as engineer, entrepreneur, and policy expert. Currently responsible for DNSSEC efforts at ICANN including outreach and training, Rick was the technical and policy architect for ICANN's root DNSSEC deployment. He is a frequent speaker and a driving force behind DNSSEC's deployment as a cross-organizational, transnational platform for Internet security innovation and opportunity. Prior to this he was Director of Global IT policy at the US Department of State where he focused on helping policy makers understand technology across a wide range of agencies and issues. Before this he founded a number of small networking startups based on his inventions, the last being acquired by Microsoft. His years in the networking field have included implementation and commercialization of a wide range of communication protocols (UUCP, MEP2, BiSYNC, SDLC, X.25, DECNET, Q.921/931, H.323, IPX, TCP/IP). Rick received his doctorate from MIT in 1987.

Phil Regnauld is a Network engineer and Trainer for the Network Startup Resource Center (NSRC). On the side, Phil is a partner at blue pipe a/s, a small company offering development, network management and DNS consultancy. Since 1997, Phil has been participating in workshops around the world, including INET Workshops, AfNOG, APRICOT, SANOG, PacNOG, MENOG, ccTLD trainings around the globe. At NSRC, Phil is helping with workshop planning, material development, teaching and Direct Engineering & Assistance, with a particular focus on helping RENs (Research & Education Networks) get built and running in Asia and Africa. He currently sits on the technical advisory board of the .FR TLD registry (AFNIC). Phil holds a bachelor degree of Computer Science from Université Paris V. In previous lives, Phil was a system and networks administrator for the Copenhagen Kingdom Hospital. Since then he has designed large DNS and mail platforms for organizations in the Danish private and public sectors (healthcare, pharmaceutical and ISPs).

Comments