What to bring:

All actual work will be done on a Linux Xen server hosting a virtual Linux server per student. Ethernet is preferred, wireless is optional. Internet access is required.

The student is required to bring a working laptop. It should have networking, an SSH client (PUTTY for Windows, OpenSSH for Linux/OSX), a text editor that they are comfortable with, and a web browser.

The student may be required to reconfigure the network settings on their laptop.

All other software will be provided by the instructors, and will be accessed by the student via SSH.

Black Hat USA 2010 Weekend Training Session

July 24 - 25

Black Hat USA 2010 Weekday Training Session

July 26 - 27

Understanding and Deploying DNSSEC

Paul Wouters and Patrick Nauber

Register Button


Fifteen TLD's, including ".gov" and ".org", now use DNSSEC, and if all
goes as planned, the root will be signed before Black Hat USA 2010 starts,
with ".com" will follow in 2011. DNSSEC is here to stay, and sooner or
later DNS administrators will have to know how to use it on their zones,
and how to use it for their end-users. The US Government made DNSSEC
mandatory to implement in 2010.

This course will teach the theory of DNSSEC as required from an
operational perspective. You will lean how to use the available DNSSEC
software such as Bind, Unbound and Microsoft DNS. You will learn how to
create and publish a DNSSEC signed domain. And importantly, how to deal
with the DNSSEC key management, the core complexity of using DNSSEC. It
will teach how to configure DNS resolvers to take advantage of DNSSEC with
minimal infrastructure changes. There are many pitfalls to be aware of,
and these will be shown and taught.

The course is given over two days. Both days consist of a theoretical
part and lab session in the morning, and another theoretical part and
lab session in the afternoon.

Participants only need a laptop with an ssh client to participate.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.


Paul Wouters

Paul Wouters has been involved with Linux networking and security since he co-founded the Dutch ISP Xtended Internet back in 1996, where he started working with FreeS/WAN IPsec in 1999 and with DNSSEC for the .nl domain in 2001.

He has been writing since 1997, when his first article about network security was published in LinuxJournal in 1997. Since then, he has written mostly for the Dutch spin-off of the German c't magazine, focusing on Linux, networking and the impact of the digital world on society. Paul is the principle author of the book “Building and Integrating Virtual Private Networks with Openswan”, published by Packt Publishing.

Paul has presented papers at SANS, OSA, CCC, HAL, Black Hat and Defcon, and several other smaller conferences.

He started working for Xelerance in 2003, focusing on IPsec, DNSSEC and delivering trainings.

Paul received a B.Ed Chemistry and Biology from the Noordelijke Hogeschool Leeuwarden in The Netherlands.

Patrick Naubert

Patrick Naubert has been involved with network security since 1992 when he founded Resudox Online Services, one of the first ISP's in Ottawa, Canada. Patrick also co-founded Milkyway Networks in 1994, and founded Tyger Team Consultants in 1997. As part of Milkway Networks, Patrick installed and configured hundreds of firewall systems. Patrick trained and was responsible for the support of most of Milkway Networks' clients. As the head of Tyger Team Consultants, Patrick was continually involved in clients' vulnerability assessments and network architecture reviews.

In his spare time, Patrick is a CISSP trainer and also teaches Windows Vulnerability Countermeasures.

Patrick graduated from Universite de Sherbrooke in Canada in 1990, Bachelor of Computer Science with a Business minor. Patrick is delighted to have no criminal record at this time.

Register Button

Super Early:
Ends Apr 1
Ends May 15

Ends Jun 15

Ends Jul 23