SEED Project

DNSSEC Lab

Overview

DNSSEC is a set of extension to DNS, aiming to provide authentication and integrity checking on DNS data. With DNSSEC, all answers from DNSSEC protected zones are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is authentic or not. With such a mechanism, the DNS cache poisoning attack can be defeated.

To help students understand how DNSSEC works, we will enhance the miniature DNS system developed with DNSSEC. Students will configure each of the nameservers, so they all support DNSSEC.

Tasks (PDF)

VM version: This lab has been tested on our SEED Ubuntu-20.04 VM
Lab setup files
- Labsetup.zip
- Labsetup-arm.zip (for Apple Silicon machines)
Manual:: Docker manual

Time (Suggested)

Supervised (closely-guided lab session): 2 hours
Unsupervised (take-home project): 1 week

SEED Videos

Udemy: Internet Security: A Hands-on Approach (§ 7)
Identical videos are available on NetEase (for Mainland China)

SEED Books (English)

Internet Security: A Hands-on Approach, 3rd edition (§ 11)

Feedback and Help

	Please give us your feedback on this lab using this feedback form.
	The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs.