Olaf, thanks very much to you and your colleagues for producing this.
I wonder if it would be appropriate to have this published as a RIPE
document. Any comments from the WGs?
Dear Colleagues,
[Apologies for duplicates]
We are happy to announce the availability of a "DNSSEC HOWTO" at:
http://www.ripe.net/disi/dnssec_howto/ (html)
http://www.ripe.net/disi/dnssec_howto/dnssec_howto.pdf (pdf)
The document forms part of a RIPE NCC project on the deployment of
DNSSEC and describes how to set up DNSSEC.
The HOWTO covers the following topics:
* Part I, 'Securing DNS data', about the aspects of DNSSEC that
deal with data security.
* Part II, 'Securing communication between Servers', covering
aspects that deal with server to server security and
transaction security.
The document is based on the so-called DNSSEC-bis specifications that
where finalized by the IETF and are now in the RFC editors queue
[I-D.ietf-dnsext-dnssec-intro, I-D.ietf-dnsext-dnssec-protocol and
I-D.ietf-dnsext-dnssec-records].
This document will be subject to change. Please regularly check for
new versions at:
http://www.ripe.net/disi.
Your corrections and additions are appreciated.
---------------------------------| Olaf M. Kolkman
---------------------------------| RIPE NCC
Dear Colleagues,
[apologies for duplicate postings]
As a service to its members the RIPE NCC offers the DNSSec Training
Course.
The main objective of the DNSSec Training Course is to provide LIRs with
sufficient background to be able to deploy DNSSec in their own
organisation as soon as the protocol is standardised. This course also
explains the specific procedures set up by the RIPE NCC to to secure the
in-addr.arpa zone.
The Domain Name System (DNS) is one of the main parts of the Internet
infrastructure. At the moment DNS lacks a mechanism to establish the
authenticity and integrity of the data it provides.
DNSSec is a set of extensions to provide this end-to-end authenticity and
integrity. It is currently being developed within the IETF dnsnext Working
Group. The protocol is about to be finalised and the code implementing the
protocol is available in alpha releases.
The DNSSec course consists of two parts: an "Introduction to DNSSec" and
a real life demonstration.
The "Introduction to DNSSEC" will cover:
- DNS security threats
- DNSSec security mechanisms
- DNSSec server protection
- DNSSec data protection
- Delegation issues
- Key management issues
- Current developments
Examples are based on the BIND name server.
Please note that DNSSec is an advanced course. It will:
- NOT teach the basics of DNS.
- NOT describe how to receive Internet resources from the RIPE NCC
not describe how to operate a Local Internet Registry (LIR)
The target audience of the course are technical staff of LIRs: e.g.
network & system operators, engineers, etc. This course is not intended
for administrative or management staff (e.g. Hostmasters). It is assumed
that all attendees are familiar with common DNS terminology, have a
practical knowledge in operating DNS servers and are interested in
learning the concepts and mechanisms that DNSSec offers.
The DNSSec course is conducted in the English language and is free of
charge, since it is covered by the membership fee.
More information about the DNSSec Training Course can be found at:
http://www.ripe.net/training/dnssec/
REGISTRATION:
You can register for a course at the following URL:
http://www.ripe.net/cgi-bin/trainingform.pl.cgi
Or by completing the registration form at the end of this e-mail and
replying to <training(a)ripe.net>
In order to register for a DNSSec Training Course you must be an
employee of an LIR and either :
- be an LIR contact
- be confirmed by an LIR contact.
LIR contacts are those employees of an LIR who are registered with the RIPE
NCC as authoritative contact persons.
It is expected that most of those interested in the DNSSec Training
Course will not be an authorative contact persons for their LIR, and
therefore will be refused by the course registration "robot".
In order to be admitted to the course, a confirmation e-mail must be sent
to <training(a)ripe.net>.
Please approach the LIR contacts from your organisation personally,
since the identity of LIR contacts is confidential, and the RIPE NCC is
unable to divulge contact persons for any given LIR.
Kind regards,
Rumy Kanis
Training Services Manager
RIPE NCC
COURSE DATES AND VENUES
=======================
Date: Friday 4 February 2005
Time: 0900 - 1700
Location: Vienna, Austria
AND:
Date: Thursday 14 April 2005
Time: 0900 - 1700
Location: Amsterdam, The Netherlands
REGISTRATION FORM
=================
%START
PART 1 - Registration
1) Your name
Enter First name, Last name in full
e.g. John Doe
Mary-Beth Walton
# NAME [ ]
2) Your Registry ID (format: country-code.<name of registry>)
# REG [ ]
3) Your e-mail address
# EMAIL [ ]
4) Your NIC handle (optional)
# NICHANDLE [ ]
5) The course you plan to attend (date and location)
# COURSE [ ]
%END
