DNS Introductory Course (3 days including lab exercises)
A complete introduction to DNS. All of "classic DNS" is covered. Most of standard DNS issues are both theoretically discussed and, through lab exercises, worked with in practice. Furthermore, in keeping with changes in the Internet environment, the DNS aspects of both IPv6 and International Domain Names are fully covered.
Excerpt of topics covered: historic overview, database structure, record types, address records, zones and domains, DNS message structure, recursion, authoritative servers, resolvers, caching, delegation, glue records, the ice floe model vs. the tree hierarchy model, reverse delegation, master vs slave, primary master and hidden master, zone transfers, notify, access control, IDN, logging, implementations, design alternatives and aspects. The lab exercises are done using Unbound, NSD4, BIND9 and Knot-DNS according to student preferences and requirements.
Intended audience: This course is suited for systems staff, network administrators, DNS administrators, and other staff with responsibility for design and operations of network services (almost all of which depend on DNS). Anyone else who wants a better understanding of how DNS actually works is welcome too.
DNS Advanced Course (4 days including lab exercises)
The advanced course spends a limited amount of time on providing a deeper knowledge about topics already introduced in the introductory course but most of the efforts are focused on new topics. The general theme for the new topics are "security and flexibility". In addition to complete coverage of all the security related features of modern DNS we also cover Secure Dynamic Update (SDU) of DNS data. Furthermore DHCP for address space management is covered, including all the details of interection between DHCP and DNS in environments utilizing dynamic update.
Excerpt of topics covered: more complex scenarios (including firewalls, "split-DNS", forwarding, etc), TSIG (Transaction Signatures), rndc (remote control of BIND9 nameservers), EDNS(0) (Extended DNS), DNSSEC (securing DNS data through the addition of digital signatures), views, DHCP, dynamic updates, etc. The lab exercises are done using Unbound, NSD4, BIND9 and Knot-DNS according to student preferences and requirements.
Intended audience: This course is suited for systems staff, network administrators, DNS administrators, and other staff with responsibility for design and operations of network services (almost all of which depend on DNS). Anyone else who wants a better understanding of how DNS actually works is welcome too.
DNSSEC Course (1.5 days including lab exercises)
This is a stripped down version of the advanced course that focus primarily on DNSSEC. All aspects, including threat models, design choices, protocol enhancements, deployment strategies and tools are fully covered.
Excerpt of topics covered: TSIG (Transaction Signatures), EDNS(0) (Extended DNS), DNSSEC (securing DNS data through the addition of digital signatures). The lab exercises are done using Unbound, NSD4, BIND9 and Knot-DNS according to student preferences and requirements.
Intended audience: This course is suited for systems staff, network administrators, DNS administrators, and other staff with with a need to acquire deeper knowledge about the DNS threat models and the available remedies (primarily TSIG and DNSSEC).
In development: DNS Strategic course (1 day, no lab exercises)
This course tries to focus at "the big picture" without losing itself in technical details (fascinating as they are). There are no configuration details, nor examples of actual DNS data. There are no lab exercises but occasionally a demonstration or two.
Instead we spend this course examining generic DNS design issues (namespace management, server structure, alternatives with respect to interaction with firewalls and similar). We discuss present threat scenarios and available courses of action, upcoming changes to DNS and planning for them, what requirements to have when procuring DNS services, etc. Time is also spent on how the underlying structure of the Internet affects the design of robust DNS services. Examples of consequences and "what to think about" before introducing international domain names, IPv6 and DNSSEC are discussed.
The intent is that participant should get a broad and relevant penetration of the changes that are facing DNS and the consequences thereof for organizations depending on DNS.
Intended audience: This course has a different audience from the more technical courses. The primary audience is believed to be decision makers, IT strategists, project managers, and others with a need for this type of more compact survey of the entire modern DNS landscape and its connections to other application areas.