Reverse DNS for IPv4 and IPv6

Thumbnail for post.

Overview

Reverse DNS allows the mapping of a domain name from an IP address. This is achieved by the use of pseudo-domain names under in-addr.arpa (IPv4) and ip6.arpa (IPv6). For all IP address blocks that IANA (the Internet Assigned Numbers Authority) allocates to APNIC, it also delegates corresponding reverse DNS zones within the centrally administered “in-addr.arpa” and “ip6.arpa” domains.

Outline

This course will cover the following topics:

  • What is Reverse DNS?
  • Principles of DNS Tree
  • Creating Reverse Zones
  • Pointer (PTR) Records
  • IPv6 Reverse Lookups
  • Reverse delegation requirements
  • APNIC & ISPs responsibilities
  • Reverse Delegation Procedures
  • Whois domain object

Materials

DNS Ecosystem Security

Thumbnail for post.

Overview

The Domain Name System (DNS) is a critical part of Internet infrastructure. This course will provide an overview of the DNS Ecosystem, various threats and abuses in the DNS and important practices in protecting the DNS. The course will also touch on DNS Security Extensions (DNSSEC)

Outline

This course will cover the following topics:

  • Overview of DNS Ecosystem
  • DNS threats and abuses
  • Securing DNS

Materials

Champika Wijayatunga

Thumbnail for post.

Champika is the Technical Engagement Manager for the Asia Pacific region at Internet Corporation for Assigned Names and Numbers (ICANN). Prior to ICANN, Champika held managerial, specialist and liaison roles at the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia Pacific. He started his career with IBM Corporation as a Technical Specialist and later worked in IT industry, academia, research, and training environments. He also serves in various technical community groups and committees.

DNS Privacy: DoH/DoT

Thumbnail for post.

Overview

Learn the concepts of DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), and how standards development of DoH/DoT attempts to add encryption and security to the Domain Name System (DNS) and fix some of the long-standing privacy issues with DNS.

Outline

This course will cover the following topics:

  • A brief overview of DNS
  • DNS Privacy
  • DNS cloud providers
  • DNS over TLS
  • DNS over HTTPS
  • Issues and criticisms
  • Future of DNS privacy

DNSSEC

Thumbnail for post.

Overview

Course Overview

The DNS (or the Domain Name System) is a distributed, hierarchical system for mapping domain names to IP addresses. As it plays a critical role in the functioning of the Internet infrastructure, the DNS is often the target of malicious activities.

This course will outline the DNS Security Extensions (DNSSEC) protocol that protects against data spoofing.

Course Outline

This course will cover the following topics:

  • DNS Vulnerabilities
  • What is DNSSEC?
  • How DNSSEC Works
  • RRs and RRsets
  • DNSKEY
  • RRSIG
  • NSEC Record
  • NSEC RDATA
  • Chain of Trust
  • Types of Keys & Generating Key Pairs
  • Setting up a Secure Zone

Course Materials

DNS Concepts

Thumbnail for post.

Overview

Course Overview

The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, which is required for web navigation, email delivery, and other Internet functions. To guarantee the availability of Internet services, it is important for networking professionals to understand DNS concepts, configurations, operations, and basic security aspects.

This course will discuss the concept of DNS, including basic security mechanisms.

Course Outline

This course will cover the following topics:

  • What is DNS?
  • DNS Features
  • Domain and Namespaces
  • Zones and Delegation
  • Querying the DNS Tree
  • Nameservers
  • Resource Records
  • Performance of DNS

Course Materials

DNS Security (Client Perspective)

Thumbnail for post.

Overview

Course Overview

The Domain Name System (DNS) is a hierarchical decentralized system that assists humans in not needing to memorize long strings of numerical IP addresses. It has become so ubiquitous, that it forms part of critical information infrastructure, and with many businesses relying on its continued stability and security.

This course will examine the complex interactions of this system, from domain registration to name resolution, the security risks of each component, and the mitigation options currently available.

Course Outline

This course will cover the following topics:

  • Life of a domain name
  • Where can domain names go wrong?
  • Life of a DNS request
  • Where can DNS go wrong?
    • Confidentiality
    • Integrity
    • Availability

Course Materials

Quiz & Certificate

Click the link below to go to the quiz.

Go to Course Quiz

Sheryl (Shane) Hermoso

Thumbnail for post.

Sheryl has had various roles as a Network and Systems Administrator before joining APNIC. She started her career as a Technical Support Assistant while studying at the University of the Philippines. Sheryl later finished her degree in Computer Engineering and continued to work in the same university as a Network Engineer, where she managed the DILNET network backbone and wireless infrastructure.

Tashi Phuntsho

Thumbnail for post.

Tashi has experience in IP and transmission network design, operation, and maintenance having worked as a transmission engineer and IP core network engineer for more than a decade. He has been involved in capacity development in the APNIC community by providing technical assistance and training in number of technical areas such as Routing & Switching, Network Architecture, IXP design and deployment, Network Security, IPv6 deployment, DNSSEC, and so on.

Tashi completed his undergraduate studies in Electrical and Electronics engineering from India, complemented by research studies in next generation networks from Japan and postgraduate studies in Network Systems from Australia.