Partager sur

6 minutes read

Teaser

Description

A domain name (NDD in French abbreviated notation or DN for Domain Name in English) is, in the domain name system “DNS”, an internet domain identifier. There is often confusion between Domain Name (NDD/DN) and the Domain Name System/Protocol (DNS) this is surely due to an abuse of language and there are more than 40 of them now.

A few years ago, when the Internet was in its infancy, the only way to access the site you wanted to visit was to enter the IP address, that long series of numbers, into the window of your Navigator. In the early 1980s, Paul Mockapetris, an American computer scientist, developed - with his colleague Jon Postel - a system that automatically matched IP addresses and domain names, and DNS was born.

This same system still serves as the backbone of the modern Internet. In the 1970s and early 1980s, these names and addresses were assigned by a single person - Elizabeth Feinler of Stanford - who maintained a master list of all computers connected to Arpanet in a text file called HOSTS.TXT (Well)

For as long as I can remember and when it was available to me I had to register my first domain name in the years 1992-1993 and start trying to understand Internet protocols including DNS.

I have had many projects over the years and for 36 years I am still astounded that the management of NDDs and DNS for companies is so little taken into account or poorly understood. Many errors or security concerns could really be avoided. Worse still, in 2024, I see emails still bouncing by “spoofing” because SPF, DKIM and DMARC etc. are misconfigured and/or understood.

Learn DNS once and for all!

All this will be centered around security throughout the workshop so we will take a look at the Cloudflare SaaS service and explain the importance of the measures that such a service offers you and see these possible competitors such as Public Clouds ( Azure, AWS, Gcp mainly).

To finish in style we will build our own home-made DNS resolver/server (UnBound) with an “anti-ad and anti-pup” personal network protector. The open-source tool is called Pi-Hole. All this in a Raspi 4 2GB already mounted and ready for connection!! All materials will be provided to you and it is included in the price of the workshop. You will leave with something concrete and viable to install in your home. What fun!

##NOTES: Face-to-face training only in Quebec (SeQCure Hôtel Classique)

I would like to remind you that this workshop will be at level 101 and 201. If you have a long-standing IT background, then this will only be a refresher. However for a course developer and/or pure security this might interest you. On the other hand, there is an aspect offensive and defensive security throughout.

Included:

  • All the equipment required to do the hardware workshop
  • Lunchtime food
  • Ticket at SeQCure
  • Goodies and other surprises at the end of sessions.

SYLLABUS

  • 8:30 a.m. - 9:00 a.m.
    • Welcome to the room and settle in at your place as well as a good coffee
  • 9:00 a.m. - 12:00 p.m.
    • Module 1 - The base (DNS)
      • The first principles of DNS
      • DNS equals database
      • DNS is a tree with its ramifications
      • Zone delegation
      • The root zone
      • Authoritative DNS servers (SOA)
      • Zone transfer
    • Module 2 - Domain names (NDD/DN)
      • Top-level domains (TLD, ccTLD, gTLD)
      • Second and third level domains
      • Registries, registrars and domain name holders
      • ICANN oversight (from IANA to ICANN)
      • WHOIS AND RDAP
      • International domain names
      • (Encoding DNS and saving NDs with non-ASCII characters)
      • The life cycle of an ND
      • Domain transfer
    • Module 3 - Operational DNS
      • Recursive queries
      • The DNS protocol
      • Glue Records (I love glue recording in French, what?)
      • DNS caching -EDNS
      • Public DNS resolvers
      • Transport protocols (TCP, UDP, DoH, DoT, DNSCrypt, etc.)
      • DDNS
      • Dynamic DNS responses (Round-Robin rrDNS the DNS load balancer)
    • Module 4 - DNS Record Types (Records)
      • Overview of DNS record types (we will see the main ones later)
      • A and AAAA records (IPv4 and IPv6)
      • CNAME records
      • TXT records
      • SRV records
      • PTR recordings
      • DNSSEC related record types
  • 12:00 p.m. - 1:00 p.m.
    • Well-deserved dinner break
  • 1:00 p.m. - 3:00 p.m.
    • Module 5 - DNS and Email Authority
      • Email setup overview
      • MX Records
      • SPF / DKIM / DMARC and their granularity as well as their scope -BIMI
      • MTA-STS
    • Module 6 - Cloudflare Tour
      • Overview of Cloudflare and what it would do for your DNS and NDD posture
      • No need to have an account but Cloudflare is free for 100 domains and with some very useful basic configurations.
      • We will highlight other competing services such as Public Clouds which are the only ones to date that can compete.
    • Module 7 - Offensive and defensive use cases with available online tools
      • Not being a Red/Blue Teams workshop (it would take another day) we will still push the exercise into quick practicalities.
      • Quite a few Recon, Osint, Digg, Informational, Debugging, Auditing tools and some “out-of-box” tools that I hope you will like.
  • 3:30 p.m. - 3:45 p.m.
    • KF installation / Biological installation before the “hardware” workshop
  • 3:45 p.m. - 6:30 p.m. and more if you want…
    • Hardware workshop - Assembly and Installation of your Raspi 4 which will become your family network backbone by being the private DNS resolver/server and an “anti-ad and anti-pup” protector thanks to Pi-hole that l ‘we are going to install and configure.
    • We will see that Pi-hole offers many other options including the possibility of being a DHCP server but this will not be configured during the workshop requiring too personal settings for your network.
    • Likewise we will see that other tools can be installed like Adguard, PFsense, etc. but we will give you the necessary information to practice it for yourself if you are interested. But only Pi-hole will be used during the workshop.
    • At the end… Distribution of some surprises and goodies for the most stubborn.

LOGISTICS for you

  1. Hardware: BYOD (Bring your own device). This will allow you to connect to your Raspi via SSH. (Windows, Mac, Linux whatever) (Even for those not used to it or under Windows you will see it will be easy)
  2. Bring a power bar and your cell phone if you want to connect to a Hotspot on your Raspi via your Laptop. (But there will be an in-house router completely independent of the hotel which will also be available for testing)
  3. Everything you deem necessary for your comfort ;)