Domain name system (DNS) protection

(Timezone - Europe/Amsterdam)



This is the third module in the “Operational network security” training programme.

Training is available to GN4.3, NRENs, NREN member organizations, system administrators and network operators.

The Domain Name System (DNS) is one of the oldest protocols of the internet. It has proven capable of scaling with the tremendous growth of the internet while remaining adaptable to a variety of new applications, several of them relevant to the security of today's networks. As a protocol from the days when the internet was much smaller and thought to be safe, it has to cope with its own inherent security problems. The course will start with an introduction to DNS which will outline the basic security problems surrounding its operation. The following modules will deal with using the domain name system for network defence, such as blackholing malicious domains and logging queries to infer intruder activity on one's own network. The later modules will address the inherent security problems of DNS, starting with integrity protection through DNSSEC and concluding the course with a module on privacy protection through DNS over TLS (DoT) and DNS over HTTPS (DoH).

Please note that there is one registration - once registered you are welcome to attend all or selected sessions.

Also please note that we shall send you a calendar invitation with the Zoom link closer to the date of the session.

If you have registered less than an hour before the start of a session please email to let us know and we shall forward you joining instructions.

We shall notify all the participants how to access recorded sessions once recordings become available.

For any queries please get in touch with

We look forward to seeing you (virtually) soon.

GLAD (GEANT Learning and Development)
    • 1
      Introduction to DNS and its security problems

      The Domain Name System (DNS) is one of the core services of the Internet as we know it today. It was designed in 1983 and has been a critical part of the Internet infrastructure ever since.

      This session gives an overview of how DNS works and, crucially, what security implications its design and operation have.

      Date of delivery: 30 November 2020 2 pm CET

    • 2
      DNS for Network Defense - Using DNS to protect and observe

      DNS is used not only for mapping names to IP addresses and vice versa. This session includes several use cases showing how information provided by DNS servers can be used to protect the local network from malicious activities, like spam or drive-by infections.

      This is followed by a block on monitoring DNS queries to collect information about ongoing intruder activity on an organisation's network.

      Date of delivery: 3 December 2020 2:00 pm CET

    • 3
      DNSSEC - Protecting the integrity of the Domain Naming System

      Although hampered by slow adoption, DNSSEC has proven to deal effectively with the integrity problems of DNS.

      This module introduces the general concepts of DNSSEC and provides a practical example by implementing DNSSEC in a local zone.

      Date of delivery: 07 December 2020 2 pm CET

    • 4
      DNS Privacy Protocols - Encrypted DNS queries for privacy protection

      With the integrity of DNS taken care of by DNSSEC, inspection of DNS query data has been used for good and for bad intentions by various actors on the internet. "DNS over TLS" (DoT) and "DNS over HTTPS" (DoH) have been created as ways to mitigate the latter, while unfortunately also interfering with the former.

      This module will give insights into the workings and configuration of DoT and DoH, explain the trade-offs that organisations' network administrators have to make between security and privacy on their network, and show how to deal with some of them.

      Date of delivery: 10 Dec 2020 2:00 pm CET