DNS is not secure! And DNS is the most important protocol of internet! Learn how to secure DNS with DNSSec!
In this course You will learn how DNSSec works, how to implement DNSSec and how to operate DNSSec-enabled DNS-servers.
By the end of this course You will have a solid understanding of how to secure your domains and zones.
What you will learn:
DNSSec must be supported in the resolver and in the authoritative DNS servers. You do not need to have DNSSec-support in your local computer.
DNSSec uses hashes and digital signatures. These terms are explained in the upcoming lectures.
How hash methods works, why they exists and what defines a proper hash method.
Digital signatures ("signing") is a key component of DNSSec. In this lecture the concept of signing is explained.
I explain the chain of trust.
It seems overkill with multiple levels of keys, but they are the key(!) to the protocol.
The terms "resource record" and "resource record set" might need some clarification.
This is the first part of 3 lectures where I explain the signing process.
The third and final part of the signing process walkthru.
Together we will have a look at how the signed zone looks like.
We verify DNSSec functionality with dig and learns how to use dig to test DNSSec.
I have been working in IT since 1991. My focus the last 15 years has been in Routing&Switching and Security. I have certifications in Cisco (CCNA, CCNP, CCSP) since 2000, also certified Checkpoing CCSA/CCSP and ISC2 CISSP. After 20+ years as an IT consultant I have a broad as well as deep knowledge in TCP/IP, routing, switching and firewalling.