DE | EN
<

2-day DNSSEC Workshop with ICANN

@eco Cologne

2025-11-06 - 2025-11-07
10:30 AM - 03:00 PM
Download ics/ical
Register now!

2025 is dedicated to the "Email Security Year" campaign by the German Federal Office for Information Security (BSI), in which eco is actively participating. The goal is to promote key security mechanisms such as SPF, DKIM, DMARC, DANE and DNSSEC and thereby sustainably secure email communication.

DNSSEC plays a key role in this: The Domain Name System (DNS) forms the foundation of almost all Internet services – from name resolution and email security to modern applications. Without DNSSEC, attacks such as phishing, spoofing or redirection to manipulated websites can bypass existing protective measures and undermine trust in Internet communication.

  • Email Security: Technologies like SPF, DKIM and DMARC rely on DNS entries to prevent phishing and spoofing. DNSSEC is a fundamental prerequisite for DANE.
  • Authentication: SSH fingerprints, certificates or cloud tokens are provided via DNS.
  • Network configuration: Client systems obtain important information for communication and connectivity via DNS.

Precisely because DNS is so central, it represents an attractive target for attacks. Without additional security mechanisms, DNS data can be forged or manipulated in transit. The consequences range from redirection to fake websites to the circumvention of established security mechanisms such as TLS certificates or same-origin policies in web applications.

Workshop objective: In cooperation with ICANN, this two-day workshop provides hands-on training on how DNSSEC works, how it can be implemented, and how it can be integrated into existing DNS infrastructures. In addition to the technical fundamentals, organisational aspects, best practices and the significance of DNSSEC in an international context will also be addressed.

Workshop content:
• Brief introduction / DNS summary
• Signing
• Validation
• Non-existence
• Key management
• Chain of Trust
• Policy Considerations
• Setting up validation in a Recursive Server
• Signing Zones (Authoritative Servers)
• DNSSEC operations and maintenance
• Tools: Troubleshooting and Monitoring

Labs:

• DNS/DNSSEC debugging
• Zone creation and configuration: primary and secondaries
• Zone signing: manual and automatic signing
• Establish and confirm chain of trust
• DNSSEC validation (recursive resolver)

Your Trainer:

Ulrich Wisser


Ulrich WISSER has joined ICANN Org as Regional Technical Engagement Manager for Europe. His main responsibility is to support ICANN Org’s technical engagement activities in the region (training, dissemination of DNS standards and best practices, promotion of research, etc.). He reports to Adiel Akplogan, VP Technical Engagement in the Office of the Chief Technology Officer.

Before joining ICANN, Ulrich worked for 15 years at the Foundation for Internet Infrastructure, the Swedish ccTLD registry (.SE). He was Co-Chair of the Centr Tech Working Group and a member of the DNS-OARC Programme Committee.
He holds a 4th Dan and is a licensed judo instructor.





Event Location:

eco - Association of the Internet Industry
Lichtstrasse 43h
50825 Cologne, Germany

Hotel recommendation:

The B&B Hotel Köln City is located just a few minutes away from eco.

Register