Building resilient DNS Infrastructure and Introduction to DNSSEC

Name: Building resilient DNS Infrastructure and Introduction to DNSSEC
Start: 2016-10-10T09:00:00+00:00
End: 2016-10-14T17:00:00+00:00
Location: Ouagadougou, Burkina Faso

10 Oct 2016, 09:00 → 14 Oct 2016, 17:00 Africa/Ouagadougou

Salle NCRI (Ouagadougou, Burkina Faso)

Salle NCRI

Ouagadougou, Burkina Faso

Université de Ouaga 1

Description

5-day DNSSEC awareness and hands on-training workshop on resilient DNS infrastructure which includes a refresher on guiding principles and best practices for building campus networks.

Objectives
Participants will:

revisit requirements for building highly available and reliable campus networks with the hierarchical network model and best current practices.
be able to explain and demonstrate concept of DNS as critical part of Internet infrastructure, configure nameservers and manage forward and reverse zones
be able to explain DNS protocol vulnerabilities, DNS Security and DNSSEC concepts
acquire hands-on experience with DNSSEC and plan for deployment

Target Audience
Network/systems administrators and engineers from campus networks and NRENs

Requirements: A laptop with wireless capability, understanding of network design concepts and a knowledge of UNIX/Linux and the Domain Name System

Language: Conducted in English with bilingual trainers

Logistics:

All participants will have to secure funds for their travel, including visa fees where applicable.
International participants will be provided with free accommodation (from 9 October to 14 October 2016)
Lunches and coffee breaks will be provided for all participants for the duration of the workshop.

Participants

Abakar Hissein Adoum
Abdramane COMPAORE
ABDULAZEEZ ADELOPO
Abdullahi Gadanga
Adam Ahmat Doungous
Adam Ahmat Doungous
Adeline OUEDRAOGO
Adilis Pereira
AGBEGNIHO KPAKPOVI
AGBEZOUTSI Edem
Aristide ZOUNGRANA
Arnaud Abdoul Aziz AMELINA
Ato Yawson
BAGUE SOPHO ZAKARI
Bakénon Karim Koné
BAYALA Beranger
Bernadette Codou DIONE
Chukwuemeka Nwufo
COMPAORE Patrick Noël Boudounoma
DAN DJARI HAROUNA
Daniel Godwin Essel
Davy ABEYE
Edmond TIENDREBEOGO
Ekene Ezeasor
Emile MILLOGO
Emmanuel Togo
franc P Aristide kabore
Georges LALLOGO
gildas zougmore
Guiguemde Jacques Rodrigue R
HALIDOU ROUAMBA LACSOFT BURKINA SA
Ibrahim ALIO SANDA
Ibrahim ILBOUDO
Ibrahima Diallo
Ishaku Anaobi
Kafui Dake
KI Jean de la croix K
KONATE Brahima
Leandro Vieira
MAHAMANE SAMBO Karim
MAHAMAT ADOUM TIDJANI
Massamba SY
Mohamed BAHIKORO
Mouhamadou Moustapha MBAYE
Moustapha BIKIENGA
Moustapha THIAM
NAHANZALÉ Itchalitou
NASSIROU ELH SANDA OUMAROU
Nura Garba
Olugbenga Adedayo IGE
Olutayo Ajayi
Oluwatobi Fowora
Ouarmé Arouna
OUATTARA Arouna
OUEDRAOGO S. Souleymane
PARE/SANOU Elisabeth
Pierre Claver B. Traore
Priscillia Igba
Rakissaga Wendeso Aĩda
Richard Otieku-Boadu
Robert Sam
Sahabi Ibrahim
Saidou Maman Hamissou
Serge Roland SANOU
Thomas Songu
Tiguiane Yélémou
Tindano Olivier
Victor OYETOLA
Vincent Okeke
Wendingoudi Maïmouna SAWADOGO
Yahaya Coulibaly
Youssouf Abakar tahir
ZIO Asso Henri Joel
ZONGO Moussa

WACREN Training

training@wacren.net

+234 808 888 1571

Monday, 10 October ¶
- 09:00 → 10:30
  
  Opening and Welcome¶
  
  Welcome from FasoREN
  Welcome from WACREN
  Greetings from Ministry of Higher Education and Research
  Greetings from Ministry of ICT
  FasoREN update
- 10:30 → 11:00
  
  Coffee Break 30m
- 11:00 → 12:30
  WACREN and Campus Network Updates¶
  - 11:00
    
    WACREN Update¶ 30m
    
    Speaker: Mr Omo Oaiya (WACREN)
    
    Slides
  - 11:30
    
    NREN and Campus Network presentations¶ 1h
- 12:30 → 13:30
  
  Lunch 1h
- 13:30 → 15:00
  Campus Network IP Address Planning and Clinic¶
  - 13:30
    
    NREN and Campus IP Addressing¶ 30m
    
    Speaker: Mr Alain Patrick AINA (WACREN)
    
    Slides
  - 14:00
    
    Exercise: IP Address Planning¶ 30m
- 15:00 → 15:30
  
  Coffee 30m
- 15:30 → 16:30
  The Internet Naming Ecosystem¶
  
  The DNS Ecosystem
  - 15:30
    
    The DNS Ecosystem¶ 30m
    
    Speaker: Mrs Khoudia GUEYE (snRER)
    
    Slides
  - 16:00
    
    Accessibility of ccTLD name servers in the WACREN region¶ 30m
    
    Speaker: Didier Bassole (Université de Ouagadougou)
    
    Slides
Tuesday, 11 October ¶
- 09:00 → 10:30
  DNS Essentials¶
  
  Concept, hierarchy, components and roles , forward and reverse zones and delegation
  - 09:00
    
    Plain "old" DNS¶ 45m
    
    Speaker: Mrs Khoudia GUEYE (snRER)
    
    Slides
  - 09:45
    
    Labs¶ 45m
    
    zones setup, master/slave, delegation with BIND, tests and validation
    
    Exercises
    
    Overview of the lab network architecture
- 10:30 → 11:00
  
  Coffee Break 30m
- 11:00 → 12:30
  
  DNS Essentials¶
  
  DNS Resolvers, Name Server Control, DNS Service Logging
  
  Convener: Mr Alain Patrick AINA (WACREN)
  
  Exercises
  
  slides
- 12:30 → 13:30
  
  Lunch 1h
- 13:30 → 15:00
  DNS service monitoring¶
  - 13:30
    
    DNS Server and Service Monitoring¶ 30m
    
    Speaker: Mrs Khoudia GUEYE (snRER)
    
    Exercises
- 15:00 → 15:30
  
  Coffee Break 30m
- 15:30 → 17:00
  
  DNS Service Monitoring: Labs¶
  
  Use of Nagios and Smokeping for DNS monitoring
  
  Exercises
Wednesday, 12 October ¶
- 09:00 → 10:30
  DNS - Other Security¶
  
  Access Control, Securing Host-Host communication, DNS Anycast, DNS data confidentiality
  - 09:00
    
    DNS Security and Resiliency¶ 30m
    
    Speaker: Mr Alain Patrick AINA (WACREN)
    
    Slides
- 10:30 → 11:00
  
  Coffee Break 30m
- 11:00 → 12:30
  
  DNS - Other Security: Labs¶
  
  Exercises
- 12:30 → 13:30
  
  Lunch 1h
- 13:30 → 15:00
  
  Labs continued¶
- 15:00 → 15:30
  
  Coffee Break 30m
- 15:30 → 17:00
  
  Labs continued¶
Thursday, 13 October ¶
- 09:00 → 10:30
  Introduction to DNSSEC¶
  - 09:00
    
    DNSSEC Overview¶ 1h 30m
    
    Speaker: Mr Alain Patrick AINA (WACREN)
    
    Slides
- 10:30 → 11:00
  
  Coffee Break 30m
- 11:00 → 12:30
  Labs¶
  
  Configuring DNSSEC validating resolver
  DNSSEC validation with Bind and Unbound.
  Zone signing - Manual and automation
  Exercises
  
  dnssec-bind-enable-validation-BF.txt
  
  dnssec-bind-inline-signing-howto-BF.txt
  
  dnssec-bind-manual-signing-howto-BF.txt
- 12:30 → 13:30
  
  Lunch 1h
- 13:30 → 15:00
  
  Labs Continued¶
- 15:00 → 15:30
  
  Coffee Break 30m
- 15:30 → 17:00
  
  Labs Continued¶
Friday, 14 October ¶
- 09:00 → 10:30
  
  DNSSEC Labs Continued¶
  
  Delegation of signing authority, DS exchanges and chain of trust
- 10:30 → 11:00
  
  Coffee Break 30m
- 11:00 → 12:30
  
  DNSSEC troubleshooting¶
  
  dig and dnsviz.net
- 12:30 → 13:30
  
  Lunch 1h
- 13:30 → 15:00
  
  Discussion¶
  
  Key management, HSM discussions, DNSSEC deployment experiences, Root KSK rollovers project, Discussions on DNS privacy, Q&A
  
  Information
- 15:00 → 15:30
  
  Coffee Break 30m
- 15:30 → 17:00
  
  Wrap-up and closing¶
  
  Evaluation and Certificate Presentation