Skip to main content
Resources

Technical Engagement Training Course Catalogue

If you are interested in having the Technical Engagement team present any of the courses listed in the catalogue, or would like more information, please do not hesitate to contact us.

ICANN's Technical Mission

DNS 101

DNSSEC 101

Advanced DNS

Advanced DNSSEC

Registry Operations for ccTLDs

OSINT: Fighting DNS Abuse (DNS Abuse for LEAs)

DNS Abuse: Threats and Mitigation

Introduction to RDAP for Domain Names Registrations

DNS Ecosystem Security

DNS for Internet Service Providers

Network Operation Security

UA: Email Address Internationalization (EAI)

UA: Universal Acceptance for Java Developers

Credential Management Lifecycle: Operational Best Practices

Title: ICANN's Technical Mission

Audience: General Public, Newcomers, Policy Makers

Duration (Remote Delivery): 1 hour

Prerequisite Courses: None

Description: This course will provide an overview of ICANN's technical mission. Beyond the policy development coordination role for the community, ICANN plays a significant role coordinating the technical aspects of the Internet's unique identifier system.

Expected Outcome
Participants should be equipped to understand and explain ICANN's technical missions and engage.

Course Outline

  • ICANN Ecosystem
  • Introduction to Unique Identifiers
  • Numbers: IANA function & the RIR System
  • Protocol Parameters: IANA function and The IETF
  • Names: DNS, DNS Resolution, Root Server System
  • The Registry/Registrar/Registrant model
  • Security, Stability, and Resiliency: DNSSEC, Compliance, OpSec
  • Policy Development Processes and Stakeholder Engagement

Title: DNS 101

Audience: General Public, Newcomers, Policy Makers, Network Engineers

Duration (Remote Delivery): 2 hours

Prerequisite Courses: None

Description: This course will provide participants with basic knowledge of how DNS works and how the different DNS components interact with each other.

Expected Outcome
Participants will be able to understand the concepts of the Domain Name System.

Course Outline

  • Brief History of DNS
  • The Name Space, Delegation, Zones
  • Components for the DNS: Authoritative Servers, Resolvers (Stub & Recursives)
  • Root Server System 101
  • DNS Data: Zone Files, RR Types, Glue
  • DNS Security Overview

Title: DNSSEC 101

Audience: DNS Administrators, Policy Makers with technical background, Network Engineers

Duration (Remote Delivery): 4 hours

Prerequisite Courses: DNS 101

Description: To protect DNS data, it is important for DNS operators to understand DNS Security Extensions (DNSSEC). This course will discuss the DNSSEC concepts in detail covering the signing and validation of DNS data.

Expected Outcome
Participants should be able to understand the concepts of DNSSEC and the deployment aspects.

Course Outline

  • Public Key Cryptography
  • DNSSEC Overview
  • Signing
  • Validation
  • Non-existence
  • Key management
  • Chain of Trust
  • Policy Considerations

Title: Advanced DNS

Audience: Technical staff who are involved in the operation of DNS and managing, administering DNS servers

Duration (Remote Delivery): 6 hours

Prerequisite Courses: DNS 101

Description: This course will discuss the DNS operations, configurations and security in detail. Participants will be involved in lab exercises to configure DNS servers and apply various security considerations.

Expected Outcome
Participants should be able to understand the DNS operations in detail.

Course Outline

  • Configuring Recursive Servers
  • Configuring Authoritative Servers
  • Zone transfers
  • ACLs
  • TSIG
  • Logging
  • Reverse DNS
  • DNSSEC Overview

Title: Advanced DNSSEC

Audience: Technical staff who are involved in the operation of DNS and managing, administering DNS servers

Duration (Remote Delivery): 6 hours

Prerequisite Courses: DNS 101, DNSSEC 101

Description: This course will discuss the DNSSEC concepts in detail. The course also provides an understanding of DNS-based Authentication of Named Entities (DANE) protocol. Participants will be involved in lab exercises to configure DNSSEC.

Expected Outcome
Participants should be able to prepare themselves towards the deployment of DNSSEC.

Course Outline

  • Resource Records: DNSKEY, RRSIG, NSEC, DS
  • Setting up validation in a Recursive Server
  • Signing Zones (Authoritative Servers)
  • DNSSEC operations and maintenance
  • Tools: Troubleshooting and Monitoring
  • Overview of DANE, TLS, and DNSSEC

Title: Registry Operations for ccTLDs

Audience: ccTLD managers and operational staff who are involved in the registry operations

Duration (Remote Delivery): 4 hours

Prerequisite Courses: DNS 101

Description: This course will discuss DNS registry operations, best practices, and management aspects, focusing on ccTLDs.

Expected Outcome
Participants should be able to understand the best current practices in operating ccTLD registries.

Course Outline

  • Registry Ecosystem @ICANN: GNSO, ccNSO, SSAC
  • ccTLD Registry Operation
  • DNS and Zone file(s) Management
  • Name registration (WHOIS/RDAP)
  • Registrar Management
  • Registry Best Practices
  • Security Considerations (DNSSEC, TLD-OPS)

Title: OSINT: Fighting DNS Abuse (DNS Abuse for LEAs)

Audience: Law Enforcement personnel who are involved in handling abuses related to Internet Identifiers

Duration (Remote Delivery): 2 hours

Prerequisite Courses: DNS 101

Description: This course will discuss the best practices in handling DNS abuse and various tools to identify such abuses related to DNS. The course also covers how law enforcement authorities can engage with ICANN.

Expected Outcome
Participants should be able to understand the various aspects of DNS related abuses and to use publicly available tools to identify those.

Course Outline

  • Internet Identifier Security
  • Introduction to public registration data: WHOIS & RDAP
  • Investigating DNS Abuse: Tools and Techniques
  • Engaging with ICANN: PSWG, Policy development, Capacity Building

Title: DNS Abuse: Threats and Mitigation

Audience: Law Enforcement, CERT, and CSIRT personnel who are involved in handling abuses related to Internet Identifiers

Duration (Remote Delivery): 2 hours

Prerequisite Courses: DNS 101

Description: This course will provide a comprehensive discussion on how adversaries abuse and leverage the DNS and domain registration services to carry out different types of attacks and how such abuses can be prevented.

Expected Outcome
Provide law enforcement personnel the necessary knowledge to handle DNS abuse issues and to use public domain tools in relation to the context.

Course Outline

  • DNS Threats & Abuses Overview
  • Cryptography
  • Security Considerations: SSH, DNSSEC, SPF, DMARC, DKIM, etc.
  • Investigating DNS Threats & Abuses: Tools and Techniques
  • Incident Response

Title: Introduction to RDAP for Domain Names Registrations

Audience: DNS Admins, Network Engineers, Policy Makers with technical background, General Public

Duration (Remote Delivery): 2 hours

Prerequisite Courses: None

Description: This course will provide participants an overview of the new protocol intended to replace WHOIS protocol used for domain name registration data.

Expected Outcome
Participants should be able to understand RDAP, its advantages, and the changes it introduces to registration data.

Course Outline

  • Introduction to Whois
  • Introduction to RDAP Protocol
  • RDAP Output Format
  • RDAP Queries and responses
  • gTLDs and RDAP: Existing support and EDPD
  • RDAP Tooling

Title: DNS Ecosystem Security

Audience: Engineers, DNS administrators, Policy personnel with technical background

Duration (Remote Delivery): 2 hours

Prerequisite Courses: DNS 101

Description: This course will cover the best practices in securing the overall ecosystem of DNS, from the threats to mitigation perspective.

Expected Outcome
Participants should be able to understand the best practices in securing the DNS.

Course Outline

  • Introduction: An Example Attack
  • Refresher: Inter-domain Routing 101
  • Refresher: DNS Resolution 101
  • Common Attacks: Cache Poisoning, Fast Flux, Homographic Attacks, Emojis, IoT, etc.
  • Mitigation with DNSSEC
  • Mitigation with RPKI
  • Mitigation with Request Data Encryption DNS (Stub-->Resolver)
  • Mitigation with DMARC, SPF, or DKIM
  • Credential Management
  • Collaborating with ICANN

Title: DNS for Internet Service Providers

Audience: Technical staff of ISPs and Network Operators

Duration (Remote Delivery): 4 hours

Prerequisite Courses: DNS 101, DNSSEC 101

Description: This course will discuss the important elements of DNS typically handled by the ISPs and Network Operators, such as operating secured recursive resolvers and the deployment of best current practices.

Expected Outcome
Participants should be able to understand the secure operation of recursive servers.

Course Outline

  • Open vs. Closed Resolvers
  • DNSSEC Validation
  • DoH and DoT
  • Hyperlocal
  • Monitoring & Troubleshooting
  • RPKI (Routing security) and DNS Operations
  • Reverse DNS

Title: Network Operation Security

Audience: Technical staff who manage and administer networks

Duration (Remote Delivery): 2 hours

Prerequisite Courses: DNS 101

Description: This course will cover security best practices and provide skills to monitor and increase overall security of network infrastructure.

Expected Outcome
Participants should be able to understand and enhance security in their networks.

Course Outline

  • Internet Identifiers and Security Best Practices
  • Cryptography
  • Security Mechanisms
  • Credential Management
  • Monitoring and Tools
  • Incident Response

Title: UA: Email Address Internationalization (EAI)

Audience: Mail Server Administrators, System Administrators, Network Engineers

Duration (Remote Delivery): 2 hours

Prerequisite Courses: None

Description: This course will discuss the Email Address internationalization (EAI) concepts and mail server compliance.

Expected Outcome
Participants should be able to understand EAI and how to configure mail servers to be EAI compliant.

Course Outline

  • Introduction to Unicode, IDNs, and EAI
  • EAI Changes
  • Delivery Path Considerations
  • Postfix and Courier Configurations

Title: UA: Universal Acceptance for Java Developers

Audience: Application Developers, System Engineers, IT Managers, Software Providers

Duration (Remote Delivery): 2 hours

Prerequisite Courses: None

Description: This course will provide participants general and technical knowledge on Universal Acceptance issues and functions to be UA ready.

Expected Outcome
Participants should be able to understand the Universal Acceptance of domain names and email addresses from developers perspective.

Course Outline

  • Introduction to Unicode, IDNs, and EAI
  • Validating UA Identifiers
  • Using UA Identifiers: Email and DNS Resolution
  • Best Practices

Title: Credential Management Lifecycle: Operational Best Practices

Audience: Engineers, DNS administrators, Policy personnel

Duration (Remote Delivery): 2 hours

Prerequisite Courses: DNS 101

Description: This course will introduce the Credential Management and cover the various phases of its lifecycle. The course will also discuss the best practices in managing credentials.

Expected Outcome:

Participants should be able to understand the credential management in detail especially focusing DNS.

Course Outline

  • Introduction to Credential Management
  • DNS Ecosystem
  • Compromises in the DNS Ecosystem
  • Credentials used in DNS
  • Credential Management Lifecycle
  • Credential Management Best Common Practices
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."