DNSSEC for DNS-administrators

Author: Casper Gielen

DNSSEC (DNS SECurity) is a backwards-compatible extension of DNS, which is the addressbook of the internet. So far security has been lacking while it is easy to intercept or to fake DNS-information. DNSSEC adresses this with cryptographic protection against various attacks such as DNS-spoofing.

The first part of the talk describes why DNSSEC is needed and how it works conceptually. The second part focusses on validating DNSSEC information published by others with specific examples for the Bind and Unbound DNS-servers.
The third part is on publishing your own DNSSEC information. If time permits 'dnssec-signzone' will be demonstrated. If there is a lot of time left the more advanced OpenDNSSEC will be discussed instead.