Overview

Introduction

Welcome to the Protocol Security with DNSsec Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Prepare System Requirements for DNSSEC
  • Exercise 2 - Configure DNSSEC

After completing this lab, you will be able to:

  • Understand how to implement DNSsec
  • How to enable DNSSEC on DNS Server

Exam Objectives

The following exam objectives are covered in this lab:

  • Understand how to enable DNSsec to validate DNS responses between DNS server and DNS client

Lab Duration

It will take approximately 30 minutes to complete this lab.

Exercise 1 - Prepare System Requirements for DNSSEC

Domain Name System or DNS is a name resolution service for translating hostnames to the numeric IP address in the public Internet and in private networks that run Windows operating systems.

When resolving hostnames to IP addresses, a DNS server operates on the premise that it is a trusted service and can be relied on to give accurate information about the host that a DNS client wishes to contact.

One example is when an intruder creates a DNS server to impersonate a legitimate company’s DNS with the intent of redirecting users to his own DNS server. This type of DNS exploit is normally carried out by a man-in-the-middle attack. To address this issue, DNS can be protected from exploitation by enabling DNS Security Extensions or DNSSEC.

Domain Name System Security Extensions or DNSSEC is a set of extensions that add a layer of security on DNS server by enabling responses sent to DNS clients (resolvers) to be validated. When a DNS resolver queries a zone is signed by DNSSEC, authenticity, and integrity of responses is ensured with the use of security keys.

For this exercise, we will prepare the requirements to successfully test DNSSEC on Windows Server 2012 R2 by creating a secure zone, configure resource records and install a secondary domain controller.

Learning Outcomes

After completing this exercise, you will be able to:

  • Understand how to implement DNSsec

Exercise 2 - Configure DNS Security Extensions (DNSSEC)

DNS Security is a set of specifications in TCP/IP that provides security on resource records given by DNS Server to DNS clients or resolvers. This feature provides authentication of DNS data and integrity and protects DNS server from potential spoofing attacks from intruders.

In this exercise, you will enable DNNSEC on the secure.practicelabs.com zone, distribute the keys with the use of trust anchors among servers and verify name resolution from a DNS client or resolver.

Learning Outcomes

After completing this exercise, you will be able to:

  • How to enable DNSSEC on DNS Server

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.