Home Lab Setup SEED Labs Books Lectures Workshops



DNSSEC is a set of extension to DNS, aiming to provide authentication and integrity checking on DNS data. With DNSSEC, all answers from DNSSEC protected zones are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is authentic or not. With such a mechanism, the DNS cache poisoning attack can be defeated.

To help students understand how DNSSEC works, we will enhance the miniature DNS system developed with DNSSEC. Students will configure each of the nameservers, so they all support DNSSEC.

Tasks (PDF)

Time (Suggested)

  • Supervised (closely-guided lab session): 2 hours
  • Unsupervised (take-home project): 1 week

SEED Videos

SEED Books (English)

  • Internet Security: A Hands-on Approach, 3rd edition (§ 11)

Feedback and Help

Please give us your feedback on this lab using this feedback form.
The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs.