RSS feed logo header graphic

Black Hat DC 2009 Briefings and Training

February 16-17

Understanding and Deploying DNSSEC

Paul Wouters and Patrick Nauber


DNSSEC is a hot topic. It has been controversial, taking over six years to standardize. Some people want to use it yesterday, others hope it will still go away, despite the fact that 6 countries, RIPE and ENUM are already deploying DNSSEC. But Dan Kaminsky's DNS flaw, as presented at Black Hat in Las Vegas in 2008 put the final nail in the coffin of unprotected DNS. The US Government made DNSSEC mandatory to implement in 2009, and on November 14 2008, the .gov zone was signed using DNSSEC and published. DNSSEC is not going away, and every DNS administrator sooner or later will have to tackle the additional burden of the complexity of DNSSEC.

This course will teach the theory of DNSSEC as required from an operational perspective. It will teach you how to use the available DNSSEC software. How to create and publish a DNSSEC signed domain. And importantly, how to deal with the DNSSEC key management, the core complexity of using DNSSEC. And how to configure DNS resolvers to take advantage of DNSSEC with minimal infrastructure changes.

The course is given over two days. Both days consist of a theoretical part and lab session in the morning, and another theoretical part and lab session in the afternoon.

Participants only need a laptop with an ssh client to participate. Xelerance will bring a Linux Xen server which will be hosting virtual Linux computers for each student. We prefer the room to have a functional ethernet, since in our experience the wireless network and wireless installations on laptops are not reliable enough to depend on.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


Paul Wouters

Paul Wouters has been involved with Linux networking and security since he co-founded the Dutch ISP Xtended Internet back in 1996, where he started working with FreeS/WAN IPsec in 1999 and with DNSSEC for the .nl domain in 2001.

He has been writing since 1997, when his first article about network security was published in LinuxJournal in 1997. Since then, he has written mostly for the Dutch spin-off of the German c't magazine, focusing on Linux, networking and the impact of the digital world on society. Paul is the principle author of the book “Building and Integrating Virtual Private Networks with Openswan”, published by Packt Publishing.

Paul has presented papers at SANS, OSA, CCC, HAL, Blackhat and Defcon, and several other smaller conferences.

He started working for Xelerance in 2003, focusing on IPsec, DNSSEC and delivering trainings.

Paul received a B.Ed Chemistry and Biology from the Noordelijke Hogeschool Leeuwarden in The Netherlands.

Patrick Naubert

Patrick Naubert has been involved with network security since 1992 when he founded Resudox Online Services, one of the first ISP's in Ottawa, Canada. Patrick also co-founded Milkyway Networks in 1994, and founded Tyger Team Consultants in 1997. As part of Milkway Networks, Patrick installed and configured hundreds of firewall systems. Patrick trained and was responsible for the support of most of Milkway Networks' clients. As the head of Tyger Team Consultants, Patrick was continually involved in clients' vulnerability assessments and network architecture reviews.

In his spare time, Patrick is a CISSP trainer and also teaches Windows Vulnerability Countermeasures.

Patrick graduated from Universite de Sherbrooke in Canada in 1990, Bachelor of Computer Science with a Business minor. Patrick is delighted to have no criminal record at this time.

Ends Jan 1

Ends Feb 1

Ends Feb 11

Feb 18





Black Hat Webcasts

Black Hat Social

About Black Hat | Privacy Policy | Sponsorship Inquiry | DEFCON | Black Hat Main RSS Feed