Understanding the details of how DNSSEC keys and signatures are managed, as well as how the proof of non-existence (NSEC) works, will help any administrator maintain a valid DNSSEC identity.
This series of 10 lectures will take you through a full-day class on DNSSEC theory, history, implementation and troubleshooting, using current versions of BIND 9.
1 - Why do we need DNSSEC?
2 - DNSSEC Development & Deployment (history)
3 - Basic Cryptography and DNS background for DNSSEC
4 - Resolution and Validation
5 - Record Types, Keys, Signatures and NSEC
6 - Record Types, Keys, Signatures and NSEC, pt2
7 - Signing with BIND
8 - Key Rollover, Algorithm Rollover
9 - Key maintenance, including the new KASP tool in BIND, Negative trust anchors
10 - Troubleshooting DNSSEC issues
---
Learn more at http://www.isc.org