
Windows 2012 DNS and DNSSEC Hands-on Training

The Men & Mice staff now were just as motivated as the people I worked with back in 2006-2007, your continuous flow of information is a testament to that commitment too! Thanks to all involved.

Wim Tijman

Ditp Netherlands

Location | Date | Price
group training – on-site at your office | 2017 | on request

General description

This 3-day training with lab exercises dives deep into the DNS protocol. It gives administrators who work with Microsoft DNS, on the Internet or in internal networks, the knowledge required to bring their DNS infrastructure into the future. The training explains the new DNS features of Windows 2012 and gives recommendations for future-proof DNS designs using the Windows 2012 DNS server. The training is based on Men & Mice's 15 years of experience with Microsoft DNS and Active Directory deployments.

Prerequisites:

  • Laptop with Windows 7 or Windows 8 (can be virtualized)
  • Ethernet network card
  • basic knowledge of Windows Server Administration

Syllabus

  • DNS 1×1
    • History of Name services (HOSTS.TXT, NetBIOS, WINS)
    • DNS Glossary: Domain, Domain-Name, Label
    • DNS Hierarchy: delegation
    • DNS replication (full zone-transfer, incremental zone transfer, active directory replication)
    • DNS troubleshooting tools (nslookup, dig, drill, PowerShell)
    • DNS record types and how they work: A/AAAA, SOA, NS, MX, SRV, TXT
    • The SOA configuration values and the Time-To-Live value
    • Reading DNS zone files
    • The DNS protocol on the wire
    • The purpose of DNS caching
    • The two functions of DNS Server: hosting zones (authoritative) and looking up names (recursive)
  • DNS Clients
    • Windows DNS Clients (XP, Vista, Windows 7, Windows 8)
    • Concepts: DNS suffix, search list, resolving DNS server
    • GUI configuration
    • Configuration from the command line (ipconfig, netsh, PowerShell)
  • Windows DNS Server (2008 and 2012)
    • Windows 2012 server installation (Server Core and full GUI)
    • Creating and managing static zones
    • Creating and managing dynamic zones
    • Aging and Scavenging of DNS records in dynamic zones
    • How to Monitor a Windows DNS server
    • Windows DNS Server maintenance
  • DNS deployment concepts
    • “Hidden Primary Master” setups
    • Separation of resolving and authoritative functions
    • DNS forwarding explained
    • How to use stub zones to augment the DNS namespace with private data
    • DNS server redundancy – the way to 100% service uptime
    • DNS server load balancing, Round-Trip-Time measurements
  • DNS for Active Directory
    • The SRV Records, and how Active Directory services are found using DNS
    • Dynamic auto-registration of DNS records in Active Directory
    • Naming a Domain – DNS and Active Directory best practices
    • Troubleshooting Active Directory issues in DNS
  • DNS dynamic updates
    • RFC standard DNS updates, how does it work?
    • DNS and DHCP interaction
    • The FQDN DHCP option
    • Registering the address records
    • Registering the pointer records (reverse resolution)
    • Dynamic update security (TSIG and GSS-TSIG)
  • DNS Security
    • The dangers to DNS: cache poisoning, denial-of-service attack, untrusted resolvers, unauthorized DNS changes
    • Common DNS misconfigurations
    • The DNS Security Extensions (DNSSEC)
    • How DNSSEC secures DNS data by signing resource records
    • Choose the correct DNSSEC signing parameters (Algorithm, Key-Length, Key-Rollover-Policies, NSEC/NSEC3)
    • Sign a DNS Zone using the Windows DNS server 2012
    • Registering the delegation signer (DS) record in the parent zone
    • Performing a DNSSEC key rollover
    • DNS operator switch with DNSSEC signed zones
    • DNSSEC validation – how does it work
    • Enable DNSSEC validation on Windows DNS server 2012
    • Making an Enterprise Windows client DNSSEC aware
    • Troubleshooting DNSSEC validation
    • DNSSEC application support
    • Securing TLS/SSL certificates with DNS
    • Use DNSSEC to secure Active Directory (private DNSSEC)
  • Windows DNS and IPv6
    • IPv6 based name resolution on Windows operating systems (DNS, LLMNR, PNRP)
    • The “ipv6-literal.net” domain and literal IPv6 addresses in legacy applications
    • Windows DNS Server and IPv6 best practice
    • DNS64 and NAT64 in a Microsoft environment
  • Hands-on Exercises
    • installing the Windows DNS server on Windows 2012 server (core or full GUI)
    • basic configuration of a caching DNS Server
    • creating a static zone
    • troubleshooting delegation issues
    • replicating a DNS zone to an off-site DNS server
    • creating a delegated child zone
    • creating a dynamic zone, working with dynamic updates
    • creating a stub zone for private data
    • dynamic updates from the client machine
    • enabling DNSSEC validation using the Internet root trust-anchor
    • signing a DNS zone with DNSSEC
    • DNSSEC validation using a private trust anchor
    • troubleshooting DNSSEC validation issues
    • creating self-signed TLS certificates and securing them with DNSSEC

If you would like to be notified quarterly about upcoming trainings, please subscribe to the Training Mailing List