DNSSEC (Domain Name Security Extensions)

DNSSEC is a protocol to secure the DNS cryptographically against attacks on the protocol level. The "root"-zone of the Domain Name System will be signed from July 2010 - it's about time for DNS administrators at service providers and enterprises to brush up their DNS knowledge, and gain insight into DNSSEC protocol and administration.

Trainers teaching this course have more than 5 years experience with the topic of DNSSEC, and are currently in the process of preparing the DNSSEC-testbed for the ".at" Top Level Domain. They were actively engaged in the review and standardization of DNSSEC in the IETF.

Training Goal

DNS administrators and IT security officers understand the technology DNSSEC, can estimate the options and consequences of introducing the technology in their IT environment. They can plan and conduct the introduction of DNSSEC in their enterprise.

Training Itinenary

  • Recap: Structure of the DNS
  • Attack vectors of the Domain Name System
  • DNSSEC Overview
  • New Resource Records
  • Signature Options (NSEC / NSEC3)
  • Key Structure: Key signing key (KSK), Zone signing key (KSK), Rollover
  • Software for DNSSEC
  • Workshop: Signing of a zone
  • Workshop: Key-Rollover
  • Provisionierung of DNSSEC at TLD-Registries


  • 1 day

If you are interested in this training please contact us. We can also hold custom trainings about DNSSEC at your own enterprise premises.