Hands-on DNSSEC with DNSViz

Recommendations

Info

Add Records to example.com Zone Verisign Public 60
Create DNSSEC Keys for example.com Zone (6.1 – 6.3) (on sld1) Set the “SEP” bit for this DNSKEY Use algorithm RSASHA256 for signing Create a 2048-bit key # KSK=`dnssec-keygen -n ZONE -f KSK -a RSASHA256 -b 2048 \ -r /dev/urandom example.com` No “SEP” bit here Create a 1024-bit key # ZSK=`dnssec-keygen -n ZONE -a RSASHA256 -b 1024 \ -r /dev/urandom example.com` # ls $KSK* $ZSK* Verisign Public 61
Page 1 and 2:
Hands-on DNSSEC wi
Page 3 and 4:
Objectives • Understand the basic
Page 5 and 6:
DNS Overview Verisign Public 5
Page 7 and 8:
DNS Name Resolution • Resolvers q
Page 9 and 10: Query DNS Servers (1.1 - 1.5) $ dig
Page 11 and 12: Query a TLD Server Verisign Public
Page 13 and 14: Query Local Recursive Resolver Veri
Page 15 and 16: DNSSEC Overview Verisign Public 15
Page 17 and 18: DNS Security Extensions (DNSSEC)
Page 19 and 20: Key Roles - KSK/ZSK • DNSKEY RRse
Page 21 and 22: Insecure delegations • How can DN
Page 23 and 24: Query for DNSSEC Records (2.1 - 2.5
Page 25 and 26: Query for DNSSEC Records (DNSKEY) V
Page 27 and 28: Query for DNSSEC Records Verisign P
Page 29 and 30: DNSViz Verisign Public 29
Page 31 and 32: DNS Analysis Using DNSViz (dnsviz g
Page 33 and 34: DNS Analysis Using DNSViz (dnsviz p
Page 35 and 36: Analyze Using dnsviz grok (3.3 - 3.
Page 37 and 38: Analyze Using dnsviz grok (3.7) sho
Page 39 and 40: Analyze Using dnsviz print (3.12 -
Page 41 and 42: View dnsviz probe Output Verisign P
Page 43 and 44: View dnsviz grok Output Verisign Pu
Page 49 and 50: View dnsviz graph Output Verisign P
Page 51 and 52: View dnsviz print Output Verisign P
Page 53 and 54: Signing a DNS Zone Verisign Public
Page 55 and 56: Setup Virtual DNS Environment (4.3)
Page 57 and 58: View dnsviz graph Output Verisign P
Page 59: Add Records to example.com Zone Ver
Page 63 and 64: Create DNSSEC keys for example.com
Page 65 and 66: View dnsviz graph Output: DNSKEYs w
Page 67 and 68: Sign Records in example.com Zone (7
Page 69 and 70: View dig Output: no AD bit Verisign
Page 71 and 72: Add DS Records for example.com (8.3
Page 73 and 74: View dnsviz graph Output: Full Chai
Page 75 and 76: Fun with DNSViz Verisign Public 75
Page 77 and 78: View dnsviz graph Output: KSK-only
Page 79 and 80: Add New KSK to example.com Zone (9.
Page 81 and 82: View dig Output: AD bit Verisign Pu
Page 83 and 84: View dnsviz graph Output: Multiple
Page 85 and 86: Change KSK for example.com Zone (9.
Page 87 and 88: View dig Output: SERVFAIL Verisign
Page 89 and 90: View dnsviz graph Output: Invalid S
Page 91 and 92: View dnsviz graph Output: Expired R
Page 93 and 94: Remove RRSIG for AAAA Record from Z
Page 95 and 96: Modify TCP Connectivity (9.26 - 9.2
Page 97 and 98: Modify Path MTU (9.28 - 9.29) • D
Page 99 and 100: Add Lame Delegation (9.30 - 9.32)
Page 101 and 102: View dnsviz graph Output: Lame Dele
Page 103 and 104: View dnsviz graph Output: Select RR
Page 105 and 106: View dnsviz graph Output: Select RR
Page 107 and 108: Analyze example.com on Recursive Se
Page 109 and 110: DNSViz Programmatic Analysis Verisi
Page 111 and 112:
View dnsviz probe Output: Diagnosti
Page 113 and 114:
dnsviz grok Revisited (10.3 - 10.4)
Page 115 and 116:
View dnsviz grok Output: Errors, Wa
Page 117 and 118:
Monitoring with DNSViz • Sample s
Page 119 and 120:
Further Information on DNSViz • S
show all

Hands-on DNSSEC with DNSViz

Create successful ePaper yourself

Delete template?

Save as template?