DNS Training

Presented by ZARC in collaboration with ZADNA

Presented in collaboration with ZARC and ZADNA

The Introduction to DNS Training course is designed to provide students with a solid foundation in DNS fundamentals and key concepts. Throughout this course, students will gain knowledge on how to design DNS structures for scalability and high availability, install and configure DNS name servers, and understand the delegation of zones and domains.

The course also delves into more advanced topics, such as DNSSEC validation and issues related to access control and response-rate limiting. In the Advanced training course, students will further explore the vulnerabilities of DNS and strategies to mitigate them. This includes learning about DNS Monitoring Systems, Access Controls, TSIG, and a comprehensive overview of DNSSEC.

The course has been updated to reflect the latest developments in DNS technology, with a focus on modern networking environments and the use of DNS Forwarding and Split-DNS. Notably, the course now includes in-depth coverage of DNSSEC, including configuration via KASP, automated key rollovers, and delegation synchronization via CDS and CSYNC.

Overall, the DNS Training course offers a comprehensive and up-to-date curriculum that equips students with the knowledge and skills needed to navigate the complexities of DNS in today's digital landscape.

What is Covered in the Intro Course?

A brief overview of some of the introductory course topics to be covered:

Introduction

Internet before DNS
DNS Design Requirements
Resource Records

DNS Records

The DNS Record Format
A and AAAA records
Structure and Data Records

Resolvers

Stub and Iterative Mode Resolvers
Recursive and Non-recursive Queries
The NXDOMAIN Response

Caching, TTL and Scalability

Delegation, the Key to Scalability
Zones and Domains
DNS Zone Records: The SOA Record, the Serial Number and the NS Record

Nameserver Roles

Authoritative Name Servers
Iterative Mode Resolvers (aka Recursive Name Servers)
Security Aspects and Threats
“Cache Poisoning”

Lab Exercises

Debugging tools (dig, drill, nslookup, others)
Configuration of an authoritative server
Delegation of sub-domain
Configuration and delegation of a reverse zone

Nameserver Setup

Unbound, NSD4, BIND9
Other Implementations
Differences, Pros and Cons

Nameserver Logging

What, when and why. Consequences
Configuration details
Query Logging. Alternatives

Introduction to DNSSEC

The Kaminsky Attack 2008
DNSSEC Validation (verification of signed DNS data)

Details

Each course is presented by Johan Stenstam (Online) and Mark Elkins (In person). Lab exercises are conducted using Laptops running X Windows. Students will connect either via PuTTY (for Windows) or via SSH (Secure SHell) to their (virtual) DNS Servers which are running on a BSD (Unix) system. Students are encouraged to use their own Laptops and/or bring USB memory sticks to keep copies of their work.

Who should attend?

The intended audience for these courses would be network engineers, network and DNS administrators as well as managers, people working in IT strategy, IT consultants, IT Security or anyone who needs an understanding of DNS and the DNS role on the Internet.

Pre-requisites

Both the Intro and Advanced courses require fundamental knowledge about the Internet, TCP/IP and Unix/Linux. Experience with a Unix/Linux text editor such as vi or emacs and with the Unix/Linux file systems and basic shell/operating system commands is compulsory.

There is a free and paid course "Learn UNIX from scratch using simple and practical approach" on Udemy which you can use to familiarise yourself with Unix.

The Advanced course requires the student to have completed the Introductory course or to at least provide evidence of adequate experience in managing DNS Systems.

Next Course Dates

There are no current courses

Courses are usually held twice a year, around September and at the beginning of the year, late January to early February. Registration is open a month or so before each course. The courses are usually held in Johannesburg (Midrand) and Cape Town. There is an Intro course and an Advance course which alternate in these locations. In an ideal world, the Intro course is the first course of any training session, followed by the Advance Course.

Johan Stenstam

Johan Stenstam has a degree in Engineering Physics from the Royal Institute of Technology in Stockholm, Sweden. He has been providing consulting and professional training services, primarily in the areas of DNS, DNS Security, DHCP, systems design, name and address space management for the past 25-years. Johan was previously the DNS Product Owner at Netnod and is currently employed as a DNS Expert at the .SE ccTLD Registry.

Mark Elkins

Mark Elkins was born and educated in the UK, where he attended Queen Mary College (London University) from 1979 to 1983. Mark has been working on Unix based computer systems for over 30-years and he moved to South Africa in 1984, where he later co-founded Domain Name Services (Pty) Ltd. Mark has been involved in local DNS training for over 10-years and he is a certified CCIE (Cisco Engineer).

Course Registration

Applications are subject to a R2000.00 refundable deposit on attendance. Applications will only be confirmed on receipt of the deposit. Applications will be closed once the total number of deposits have been received. Deposits of delegates that do not attend will be forfeited, and in turn donated to the ISPA Teachers Training Program.
We can only accept up to two people from any one organisation

Deposits may be paid by direct transfer into the DNS ZA bank account using the Booking Reference number as a reference.

Account Holder: ZA Registry Consortium (Pty Ltd)
Bank: ABSA
Current Account: 410 670 4998
Branch code: 632005

Please email proof of payment to accounts@registry.net.za

The training course starts at 09h00 and finishes at 17h00.

Documentation, refreshments and lunch will be provided.

Registration Form

Venue/Course/Date:

Title

Name and Surname * Your full name (First and Last name)

Passport/ID Number * SA ID or Passport Number

Company * Your Company Name (or Private)

Street Address Your full street address

Special Dietary Requirements Intolerances or allergies?

Car Registration for Parking Car Registration for Parking?

Telephone Number * Your phone number in the international format '+27.115682800'

Mobile Number * Your phone number in the international format '+27.115682800'

E-mail Address * Your e-mail address - eg 'support@dns.net.za'

Captcha *

We need to know you are human!

[ Reload Captcha ]

* Required fields