This is part of the AfNOG 2011 Workshop, held in conjunction
with the AfNOG meeting in Dar es Salaam, Tanzania, in May 2011.
Daily Time Schedule:
Morning
-------
Session-1 08:45am - 10:45am
Tea Break 10:45am - 11:00am
Session-2 11:00am - 01:00pm
Lunch Break 01:00pm - 02:15pm
Afternoon
---------
Session-3 02:15pm - 04:15pm
Coffee Break 04:15pm - 04:30pm
Session-4 04:30pm - 06:30pm
Dinner 06:30pm - 08:00pm
Evening
-------
Session-5 08:00pm - 10:00pm
In addition to this detailed timetable you can see a summary timetable as well.
Monday morning 8:45am
o Introduction and logistics -- Ayitey Bulley
o DNS Session-1 (Fundamentals): -- Michuki Mwangi
* DNS Materials.
* Goal: to understand the overall purpose and structure of DNS
+ IP addresses vs. names
+ DNS as a distributed, hierarchical database
+ Domain names and resource records:
- A, PTR, MX, CNAME, TXT, SOA/NS
+ Domain name lookup responses
+ Reverse DNS
+ DNS as client-server model
- Resolver
- Cache
- Authoritative server
+ Testing DNS (dig)
+ Understanding output from dig
+ Practical Exercises:
- Configure Unix resolver
- Use dig { A, other (e.g. MX), non-existent answer, reverse lookup }
- Use tcpdump to show queries being sent to cache
Monday morning 11:00am
o DNS Session-2 (DNS Caching Operation & DNS Debugging): -- Joe Abley
* Goal: to understand operation of a recursive nameserver
+ Recap of previous session
+ DNS as a distributed database.
+ Resource record NS: referral of answer
+ Caching nameserver and root servers
+ Caching used to reduce load (esp. top level servers)
+ Issue of stale data in caches (problems with distributed systems).
- TTL records on each record
- Negative TTL in SOA
+ Recursion and caching (dig +norec)
+ Demo: www.ticscali.co.uk
+ Practical Exercise:
- Debugging DNS Worksheet (with dig +norec):
. Students work on their own examples
+ Configuring a caching nameserver
- check /var/named/etc/namedb/named.conf
- run tcpdump
- rndc start
- change /etc/resolv.conf to point to your nameserver
- query two times - { Look at 'aa' flag, TTL, query time }
- rndc flush
- cache is authoritative for 127.0.0.1
Monday afternoon 2:00pm
o DNS Session-2 (DNS Caching Operation & DNS Debugging): -- Joe Abley
* Goal: to understand operation of a recursive nameserver
+ What sort of hardware would you choose when building a DNS cache?
+ Improving the configuration of a cache NS
+ Managing a caching nameserver
+ Practical Exercise:
- Building your own cache nameserver
- Improving the configuration of the cache NS
+ Question and Answer session
+ Summary
Monday afternoon 4:15pm
o DNS Session-3 (Configuring Authoritative Name Servers): -- Michuki Mwangi
* Goal: to properly configure an authoritative nameserver
+ Recap of caching NS
+ DNS Replication
+ Outside world cannot tell the difference between master and slave
+ When does replication take place?
+ Two (2) Dangers with serial numbers
+ Configuration of Master & Slave NS
- Format of Resource Records { SOA and NS }
+ Ten (10) Common DNS Operational and Configuration Errors (RFC1912)
Tuesday morning 8:45am
o DNS Session-3 (Continued) Exercises: -- Michuki Mwangi and Joe Abley
* Setting up an authoritative name service for a domain
+ Master & Slave nameserver exercises
Tuesday morning 11:00am
o DNS Session-3 (Continued) Exercises: -- Michuki Mwangi and Joe Abley
* Setting up an authoritative name service for a domain
+ Master & Slave nameserver exercises
Tuesday afternoon 2:00pm
o Virtualization Overview -- Joel Jaeggli
* Virtualization Materials
* Presentation:
+ What is it?
+ Resource/Service virtualization
+ Host Virtualization
+ What problem are we attempting to solve with host virtualization
+ Examples
+ Virtualized Servers as a Service (Amazon Web Services)
+ Provisioning and management
+ Variation in virtualized environments
+ Complementary technologies
o Virtualization Exercise
* Presentation
+ Virtualisation Exercise
+ Installing VirtualBox
+ Installing FreeBSD in a virtual machine
Tuesday afternoon 4:15pm
o RADIUS -- Frank Kuse
* RADIUS Materials
* Presentation:
+ What is RADIUS?
+ What does RADIUS do?
+ Why do we need RADIUS?
+ Other AAA services
+ About FreeRADIUS
* Exercise:
+ Build and install FreeRADIUS.
+ Configure and start the RADIUS server.
+ Test authentication.
+ Convert a service to support RADIUS.
Wednesday morning 8:45am
o Web/SSL -- Ayitey Bulley
* Apache Materials
+ Installing Apache22 from FreeBSD ports
+ Configure Apache with basic configuration
+ Start Apache httpsd daemon and connect to local box
+ Verify local ssl certificate works
+ Configuring Apache with SSL
+ Example SSL Apache configuration file
+ Sample config for Virtual Hosting
Wednesday morning 11:00am
o Web/SSL -- Ayitey Bulley
* Apache Exercises
+ Enabling IPv6 support in Apache
+ Installing PHP5 and PHP5-Extensions in Apache
+ MySQL Server 5.0 with Apache and PHP support
+ Install and configure WordPress to use Apache and MySQL
Wednesday afternoon 3:00pm
o Monitoring and instrumenting IP Services -- Joel Jaeggli / John Kemp
* monitoring materials
* Introduction
* SNMP
* Nagios
* Cacti
* Smokeping
Thursday morning 8:45am
o Mail/Exim -- Chris Wilson
* Exim Materials
+ Exim Basics
- What is Exim
- Who uses Exim
- Why use Exim
- Why not to use Exim
- Installing Exim
- Replacing Sendmail
- Exim Overview
- Basic Configuration
- Global Settings
- Adding local domains
- Adding relay hosts
Thursday morning 11:00am
o Mail/Exim -- Chris Wilson
+ Exim Routers
- Routing Overview
- Anatomy of a Router
- The Default Routers
- The Redirect Driver
- Testing System Aliases
- Simple Redirecting Router
- Adding a Virtual Domain
- Debugging Routers
- Many Virtual Domains
- Manual Routing a Domain
- Manual Routing all Domains
- Local Part Suffixes
Friday morning 8:45am
o POP, IMAP and Webmail servers -- Michuki Mwangi
* IMAP4/POP3/WebMail Materials:
+ Dovecot - Server for POP and IMAP
- What is Dovecot?
- Installing dovecot from ports
- Configuring Dovecot
+ Mailserver scalability
- Linear password files
- Linear mbox files
- Too many files in one directory
- CPU limits
- Disk performance
- Keep your SMTP (smarthost) and POP3 services separate
+ SquirrelMail Webmail Interface
- Background
- Why SquirrelMail?
- Requirements for Installing SquirrelMail
- Installing SquirrelMail
- Configuring SquirrelMail
+ Notes on Clustering and NFS
- Using Network File System (NFS)
- Using Proxies
- Load balancing
- Database backends
- FreeBSD NFS
Friday morning 11:00am
o POP, IMAP and Web email servers -- Michuki Mwangi
+ Practical Exercise (continued)
Friday afternoon 2:15pm
o Security -- John Kemp, Joel Jaeggli
* Introduction to Cryptographic applications and methods (30 minutes) Joel Jaeggli
* Introduction to PGP key-generation/signing (15 minutes) Joel Jaeggli
* Tools NMAP/Wireshark/Snort (1 hour 15 minutes) John Kemp
* Security Materials:
Friday afternoon 4:30pm
o Security
* Security and Availability: some thoughts (30 min) Joel Jaeggli
* OpenNMS (30 min) Klevin Marmi
* PGP Keysigning party (17:30 - 18:15)
o Wrap-up
o Other stuff:
+ FreeBSD Install Configuration (from 2009)
+ FreeBSD DHCP Server Configuration (from 2009)
+ System Imaging Guidelines using G4L (online)
+ Nagios configuration files for monitoring students' exercises