Domain Name System (DNS) Protection (Operational network security) – new for 2020 – virtual learning with experts

DNS protection – module overview

This is the third module of the “Operational network security” training programme delivered by GEANT WP8 Task 1.

The Domain Name System (DNS) is one of the oldest protocols of the Internet. It has proven capable of scaling with the tremendous growth of the Internet while being adaptable to a variety of new applications, several of them relevant to the security of today’s networks. Being a protocol from days when the Internet was much smaller and thought to be safe, it has to cope with its own inherent security problems.

The module will start with an introduction to DNS which will outline the basic security problems surrounding its operation. The following sessions will deal with using the domain name system for network defence, like blackholing malicious domains and logging queries to infer intruder activity on one’s own network. The follow-on sessions will address the inherent security problems of DNS, starting with integrity protection through DNSSEC and concluding the module with a session on privacy protection through DNS over TLS (DoT) and DNS over HTTPS (DoH).


The training is open to all GÉANT members and their member organisations.

Who will benefit from attending this training programme?

  • System/network administrators at NRENs or NREN member organisations
  • System administrators at computing centres or NOCs
  • Broader categories of professionals with the interest in these subjects


Basic administration knowledge about operating systems and networking should be present.

To register to attend all or selected sessions in this module please click here.

DNS Protection – sessions (live online) schedule

All sessions will be recorded and added to the existing playlist. To access the playlist, please click here.

Session title | Date/time | Presenter
Introduction to DNS and its Security Challenges – meet the problems

The copy of the presentation is available to view here.

The Domain Name System (DNS) is one of the core services of the Internet as we know it today. It was designed in 1983 and has been a critical part of the Internet infrastructure ever since.
This session gives an overview of how DNS works and, crucially, what security implications its design and operation ha
30/11/2020 2 pm CET | Tobias Dussa
DNS for Network Defence – Using DNS to protect and observe

The copy of the presentation is available to view here.

DNS is used not only for the mapping of names to IP addresses and vice versa. This session outlines several use cases using information provided by DNS servers and how it can be used to protect the local network from malicious activities, like SPAM or drive-by infections.
This is followed by a block on monitoring DNS queries to collect information about ongoing intruder activity on an organisation’s network.
03/12/2020 2 pm CET | Klaus Möller
DNSSEC – Protecting the integrity of the Domain Naming System

The copy of the presentation is available to view here.

Although hampered by slow adoption, DNSSEC has proven to deal effectively with the integrity problems of DNS.
This module introduces the general concepts of DNSSEC and provides a practical example by implementing DNSSEC in a local zone.
07/12/2020 2 pm CET | Klaus Möller
DNS Privacy Protocols – Encrypted DNS queries for privacy protection

The copy of the presentation is available to view here.

With the integrity of DNS taken care of by DNSSEC, inspection of DNS query data has been used with both good and bad intentions by various actors on the Internet. “DNS over TLS” (DoT) and “DNS over HTTPS” (DoH) have been created as ways to mitigate the latter, while unfortunately also interfering with the former.

This session will give insights into the workings and configuration of DoT and DoH, and explain trade-offs organisations’ network administrators have to make between security and privacy on their network as well as show how to deal with some of them.
10/12/2020 2 pm CET | Klaus Möller

Meet the experts

The training programme is delivered by a team of experts in the field:

Klaus Möller, DFN-CERT – Klaus has been working with DFN-CERT since 1999 as an incident responder, advisory writer, and security consultant. He has developed and carried out numerous trainings in network security.

Stefan Kelm, DFN-CERT – Stefan has been working in the field of computer security all his professional life, starting back in the early 1990s. He currently is involved in forensics, malware analysis, threat intelligence, and log file analysis.

Tobias (Toby) Dussa, DFN-CERT – Toby has been involved with IT security throughout his entire career. After fifteen years at KIT, managing KIT-CERT and taking on IT security issues of all kinds, he joined DFN-CERT in 2020.

The DFN-CERT is the security provider for the German National Research and Education Network, DFN.

If you have just joined us, the section below provides information about the training programme, its outline and the listing of the next two modules.

Training programme Overview

There is no need to stress the importance of security and, as a more recent addition, privacy in NREN networks. But while the importance of security and privacy is widely recognized, training in these areas has often been aimed at the security personnel tasked with handling incidents, while system and network administration seems to have been neglected.

The “Operational network security” training programme has been created as a result of collating experiences and conducting discussions with security offices and network operators.

Its aim is to address a number of common security risks that NRENs face in their day-to-day operations: authentication, logging, audit, privacy, 1st Hop security, DNS security and protection from Distributed Denial-of-Service attacks.

Programme outline

The training programme consists of a number of live online, instructor-led sessions covering a wide range of subjects (sub-modules):

Sub-module title | Dates
1. Operating system privacy and security | 03 to 13 August 2020 – completed. To access session recordings and accompanying presentations click here.
2. Client Privacy and Security | 21 September to 30 September 2020. All sessions will be recorded and added to the existing playlist; to access the playlist please click here.
3. Domain Name System (DNS) protection | 30 November to 11 December 2020
4. Distributed Denial of Service (DDoS) protection | 08 February to 19 February 2021
   Monday 08 February 2021: Introduction to DDoS Attacks
   Wednesday 10 February 2021: Details of selected DDoS Attacks
   Monday 15 February 2021: DDoS Detection
   Wednesday 17 February 2021: DDoS Mitigation

Registration will open in early January 2021.

We will add further details as soon as all the arrangements for each module are finalised.

In the meantime if you have any queries about the programme and/or registration please get in touch with

Look forward to seeing you soon!