DNSSEC Hands-on Workshop
Date : 25 – 27 February 2009
Time : 9:00-17:30
Course Fee :    Standard  : 28,000 THB
  Early Bird  : 18,000 THB (until 30th January 2009)
  THNIC members  : 18,000 THB
    ( Early-bird registration fees must be paid before
  or on 30 January 2009 where as Standard registration
  fees must be paid before or on 25 February 2009
  by cheque or wire transfer payment. )

Venue : intERLab Training Center, AIT, Thailand
 : Olaf M. Kolkman, NLnetLabs
   Patrick Wallstrom, .SE (Stiftelsen for Internetinfrastruktur)
Course Duration : 3 days
Jointly organized by:
interlab-logo thnic-logo

Supporting Organizations:
nsrc-logo se-logo nlnetlab-logo


  • To provide the participants with in depth technical information of DNSSEC.
  • To assist ccTLD operators and key stakeholders in deploying DNSSEC for their national registries, registrars and organizations; and
  • To build working relationships among individual, institutional and/or organization contacts that manages national registry, Internet infrastructure as well as governmental services.

Who should attend?

Anyone with an interest in the deployment of DNSSEC, especially ccTLDs operators, ISPs, Banks, Government Agencies, and the others who want to secure their Internet infrastructure and those contemplating whether or not to deploy DNSSEC in their organization.

PART I: Security on DNS: It's Time

Date : 25 February 2009

Venue: Melton Bender Auditorium [map]

What it is?

To cope with the security risk over the DNS, the deployment of DNSSEC is going on around the Internet community by different key stakeholders. The organizations actively engaged in the deployment of DNSSEC as well as .th registry will share the information and experiences on DNSSEC and its deployment.

Why it's Important?

Registries, Registrars, ISPs, Banks, Government Agencies, and the others who want to secure their Internet infrastructure will benefit from the presentation and discussion of the deployment experiences.

Who should attend?

Anyone with an interest in the deployment of DNSSEC, especially representatives from technical, operational, and strategic planning roles of the registry, registrar, ISPs, banks and government agencies.

Drafted Agenda (Policy Part)

10:00 - 10:30 Registration
10:30 - 10:45 Welcome and Introductions
by Prof. Kanchana Kanchanasut, THNIC Foundation
10:45 - 12:00 What's DNSSEC? DNS Overview
by Olaf Kolkman, NLnetLabs
Patrick Wallstrom, .SE (Stiftelsen for Internetinfrastruktur)
   * Demonstration of Attacks to the Kaminsky DNS Vulnerability
   * What's DNSSEC?
   * What's the different between DNS and DNSSEC?
   * What are the objectives of DNSSEC?
   * What are the advantages of DNSSEC?
12:00 - 13:00 Lunch
13:00 - 14:00 DNSSEC in the Field
by Olaf Kolkman, NLnetLabs
Patrick Wallstrom, .SE (Stiftelsen for Internetinfrastruktur)
   * DNSSEC deployment experiences from .SE
   * DNSSEC experiences
   * DNS Softwares, Appliances, Recursive Resolvers, and Next Steps
14:00 - 14:30 Zone Signing Status DNS Overview
   * Root Zone Signing by Olaf M. Kolkman, NlnetLabs
   * .th Zone Signing by Krit Witwiyaruj, .th registry
14:30 - 16:00 How the DNSSEC impact our community
moderated by the Chair of UniNet security working group (TBC)


Course Contents

Venue: intERLab Training Room [map]

This training covers the followings topics:

  • DNS KEYs: risks and management
  • Introduction of DNSSEC
  • Securing zone transfer (TSIG)
  • Securing a zone
  • Delegation of signing authority
  • Troubleshooting
  • DNSSEC deployment
  • DNSSEC Softwares and Tools


Basic knowledge about UNIX System Administration, Basic DNS and Network Operation

Details Agenda

Day 1 : DNSSEC TECHNICAL WORKSHOP, 26th February 2009

Introduction to the Workshop

09:00 - 10:30 DNS Security and Introduction to DNSSEC
10:30 - 11:00 Tea break
11:00 - 12:30 Labs Setup: Installing Software and Building a DNS tree/infrastructure
12:30 - 13:30 Lunch
13:30 - 15:00 DNSSEC Details Resource Records and other theory
15:00 - 17:30 Securing the Labs infrastructure Hands on signing, serving, and troubleshooting
(with walk away for Coffee in between the session)

Day 2 : DNSSEC TECHNICAL WORKSHOP, 27th February 2009
09:00 - 10:30 Introducing DNSSEC in a workflow
How to design your project, components to think about
11:00 - 12:30 DNS KEYs: risks and management
12:30 - 13:30 Lunch
13:30 - 15:00 What needs doing for your domain?
Participants take a stab at a high level project plans
15:00 - 15:30 Tea break
15:30 - 17:00 Software and tools availability and development where to find more information and some hints and tips on writing software with Net::DNS and ldns
17:00 - 17:30 Q&A + Certificates distribution

Biography of instructor

Olaf M. Kolkman
Olaf Kolkman was born (1966) and raised in the Netherlands. He was trained as an astronomer but his interest in Internet technology took hold of his career path around 1996. In that year he moved to a commercial company and implemented a mail to web gateway and a build a customized firewall.

In 1997 he joined the RIPE NCC where he got involved in the test-traffic project and got exposed to Internet standard and policy development. After acting as operations manager for a while he became systems architect in 2000, responsible for DNSSEC deployment at the RIPE NCC. During that project he got more involved in the DNS community and more active in the IETF for instance as chair of the DNS extension's working group.

In 2005 he joined NLnet Labs, a foundation chartered to develop open source software and open standards for the Internet, as chief Executive.

Olaf Kolkman is an IAB member since March 2006 and acts as the IAB chair since March 2007.

Olaf is married to Leidi, has two kids and lives in Uithoorn NL

Patrick Wallstrom
Patrik Wallström has been with .SE since 2002. He is the project manager for DNSSEC at .SE and has been working with DNSSEC deployment for six years. He is also the lead of the Tools & Applications working group at the DNSSEC Coalition. For more than a decade he has been actively involved in the Swedish free software and open source community. Mr Wallström has a background as a consultant within network security and software architecture.


Certificate of paticipation, training materials, lunch and refreshments will be provided.

Please note that the places are limited and the registration will be on a "first come - first served" basis. If you have any further queries, please contact Ms. Wit Hmone at +66-2 524 6611 (for AIT internal user dial 6611 only) or email: training at interlab.ait.ac.th.

Copyright © 2007 intERLab