mail us  |  mail this page

contact us
training  | 
tech stuff  | 

DNS Security Training

Duration: 2 days.

La formation est aussi disponible en français.

The primary focus of the course is BIND which is available on Linux, UNIX and Windows platforms. The course is offered with Linux (Fedora Core), FreeBSD or Windows 7, 8 or 10 as the platform for all exercises.


Reliable, robust and secure operation of the DNS hierarchy - from the root servers to an individual domain name server - is critical to all Internet operations. The course concentrates on the use of DNSSEC for the control of Zone Transfers, DDNS and zone Integrity and especially the automation of key-rollover using established tools. While the primary focus of the course is BIND other DNS software will be discussed.


Students will review the theory behind the DNS hierarchy, the DNS protocol, forward and reverse mapping zone files. DNS (DNSSEC) security is based on modern cryptographic techniques and processes. The student will learn the underlying principles without requiring mathematical knowledge. Specific implementation of shared-secret (symmetric) and public-key (asymmetric) implementations will be detailed covering Zone Transfer, Dynamic DNS (DDNS) and Zone Integrity. Secure DDNS integration with DHCP is covered and procedures and requirements for key management and key-rollover are illustrated. The course includes a number of hands on configuration exercises.


The course is designed for DNS administrators, Network and System Administrators, Security specialists and those who need a thorough understanding of DNS security. Students should have taken the Basic DNS Course or have over 2 years exposure to DNS operations.

About the Instructor

Ron Aitchison is the author of Pro DNS and BIND (Apress ISBN 1-59059-494-0) which was the first book to cover the new DNS security protocols (DNSSEC) and Pro DNS and BIND10 (Apress ISBN-13: 978-1590594940). Ron has been involved in communications and networking for more years than he cares to admit and is president and founder of Zytrax, Inc. a company specializing in IP communications (wired and wireless), systems development and consulting in Montreal, Canada. He has been involved with Open Source for over 15 years and is the primary author of the Tech Stuff, DNS for Rocket Scientists and LDAP for Rocket Scientists available as free resources for the community.


Module 1: DNS Refresher

Module 2: DNS Security Basics

Module 3: Cryptographic Introduction

Module 4: Securing Zone Transfers

Module 5: Securing DDNS

Module 6: Zone Integrity

Module 7: Zone signing

Module 8: Keyrollover and Maintenance

Module 9: Summary

Other courses: Basic DNS, Advanced DNS, DNS and RPZ, LDAP Courses, X.509 (SSL) Certificate Training.


training home
dns training
ldap training
x.509 (ssl) certs
on-site training
on-line training
client list


dns guide
ldap guide
RSS Feed Icon

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C standards compliant browser such as those available from firefox

Zytrax Services

Tech Stuff Pages
Open Guides




Icons made by Icomoon from is licensed by CC 3.0 BY
share page via facebook tweet this page


email us Send to a friend feature print this page Display full width page Decrease font size Increase font size


CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2024 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
hosted by
web-master at zytrax
Page modified: January 20 2022.