Abstract

The workshop begins with an introduction to the Domain Name System (DNS) which is used in the Internet to map domain names onto IP addresses and other data. Participants will learn about the basic concepts and the limitations of DNS, in particular with respect to integrity guarantees. We will then explore how these issues can be addressed using DNS Security Extensions (DNSSEC), and show with practical examples how to properly configure a modern DNSSEC deployment.

Target Audience

Technical people with interest in DNS; command-line familiarity expected.

Details

We start with a (quick) historic account of why the DNS exists and proceed with a more detailed look at how it works. This includes both simple scenarios and more advanced situations, such as setups with wildcard records.

Next, we perform an analysis of the security properties of the DNS, with regards to the well-known security triad (availability, integrity, confidentiality). Participants will find that integrity is severely threatened without further measures -- a finding rooted in the fact that the DNS was not initially expected to be used on such broad scale.

To address security concerns, we introduce DNS Security Extensions (DNSSEC). We will together explore its basic concepts as well as limits of applicability, and get our hands dirty with modern semi-automated tooling for easy DNSSEC management. The workshop ends with practical exercises for DNSSEC setup and maintenance.