By David Beck | 61 Min Video | Technical Level: Intermediate

Men & Mice instructor, David Beck, discusses DNS cookies and how your security measures can benefit from using them. DNS Cookies are a modern security system providing protection for queriers, for domain name owners, for innocent bystanders, and for DNS servers. Cookies mitigate against bogus answers, cache poisoning, and reflection/amplification attacks that lead to denial of service (DoS). After demonstrating these threats, we will dive into the details of how cookies function. Topics in this webinar are covered in the course, DNS and Bind Advanced (DNSB-A) and DNS & BIND Week (DNSB-W). 

Key Topics:

DNS Cookie Security – 1:19
Protections – 2:51
Client Cookies/Server Cookies – 13:47
Client/Server Support – 14:50
DNS Cookie Facts – 15:42
Cookies – 16:56
Cookies in dig – 29:45
BADCOOKIE – 42:37
Cookies in Named – 44:19
Named Config: Options – 48:02 

View more videos like this on our YouTube Channel.

DNS & BIND Week (DNSB-W) Description: 

Nothing is taken for granted, and the labs begin by downloading, compiling, and installing BIND. Each student creates BIND configuration from scratch for authoritative and recursive servers. They create zone files from scratch for an authoritative masters. DNS tools such as dig,rndc, named-checkconf, & named-checkzone, are taught in-depth and used extensively in the labs. Those with previous DNS and BIND skills report that the start of the course, which assumes nothing, fills in knowledge gaps, corrects misconceptions, and that it moves on to unknown topics and new material. Hands-on and full of laboratory exercises.

Recently, we have added four new sections on DNS Cookies, Response Policy Zones (RPZ), Response Rate Limiting (RRL) and dnstap. Many new labs have been added, including several problem solving and debugging labs along with additional quizzes.

DNS & BIND Week can be taken as two independent courses, DNS & BIND Fundamentals (DNSB-F) and DNS & BIND Advanced (DNSB-A). However, DNSB-W comes at a discount of $150 off the price of the individual courses and is recommended for most participants.

While implementation details are specific to BIND, the course’s theory and the practical skills gained in the labs are applicable to all DNS systems. DNS has many exotic, outdated, and rarely implemented features. Those are not covered!

Want to learn more about David’s classes? View their descriptions here.