DNSSec - Secure DNS

Learn how DNSSec is used to secure and protect DNS
3.9 (7 ratings)
Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
64 students enrolled
Sale Ends Today!
62% off
Take This Course
  • Lectures 16
  • Length 1 hour
  • Skill Level Intermediate Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works


Find online courses made by experts from around the world.


Take your courses with you and learn anywhere, anytime.


Learn and practice real-world skills and achieve your goals.

About This Course

Published 4/2016 English

Course Description

DNS is not secure! And DNS is the most important protocol of internet! Learn how to secure DNS with DNSSec!

In this course You will learn how DNSSec works, how to implement DNSSec and how to operate DNSSec-enabled DNS-servers.

By the end of this course You will have a solid understanding of how to secure your domains and zones.

What you will learn:

  • How the signing process works
  • Background about hashing algorithms and digital signatures.
  • Differences between ZSK (zone signing keys) and KSK (key signing keys)
  • How to operate a signed zone in bind.
  • The chain of trust. How Your zone information is secured all the way back to the root zone.

The requirements:

  • You really need to know how DNS works. I expect You to already know about zone files, dig, SOA-records and zone transfers.

Target audiences:

  • Networking engineers who operates their own DNS-servers with bind
  • Security aware people who wants to understand DNSSec
  • CCNA/CCNP students.

What are the requirements?

  • A solid understanding of DNS is a must!

What am I going to get from this course?

  • Sign their own zone
  • Operate DNSSec-enabled authoritative DNS-server
  • Troubleshoot DNSSec
  • Explain and understand the principles of zone signing.

Who is the target audience?

  • Security engineers who need knowledge of DNSSec
  • Operators of authoritative DNS-servers
  • Networking and security students (CCNA/CCNP)

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.


Section 1: Introduction - about this course

The background about DNSSec is explained. Why is it needed?


A short welcome message!

Section 2: Theories behind DNSSec

DNSSec must be supported in the resolver and in the authoritative DNS servers. You do not need to have DNSSec-support in your local computer.


DNSSec uses hashes and digital signatures. These terms are explained in the upcoming lectures.


How hash methods works, why they exists and what defines a proper hash method.


Digital signatures ("signing") is a key component of DNSSec. In this lecture the concept of signing is explained.


I explain the chain of trust.


It seems overkill with multiple levels of keys, but they are the key(!) to the protocol.


The terms "resource record" and "resource record set" might need some clarification.

Section 3: Hands on

This is the first part of 3 lectures where I explain the signing process.


The second part of the signing process walkthru...


The third and final part of the signing process walkthru.


Together we will have a look at how the signed zone looks like.


We verify DNSSec functionality with dig and learns how to use dig to test DNSSec.

Test your knowledge
3 questions
Section 4: Managing DNSSec
Key rollover
Section 5: Bonus section
Bonus lecture: About me and my courses

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Jimmy Larsson, Senior Consultant, Instructor and CISSP

I have been working in IT since 1991. My focus the last 15 years has been in Routing&Switching and Security. I have certifications in Cisco (CCNA, CCNP, CCSP) since 2000, also certified Checkpoing CCSA/CCSP and ISC2 CISSP. After 20+ years as an IT consultant I have a broad as well as deep knowledge in TCP/IP, routing, switching and firewalling.

Ready to start learning?
Take This Course