DNSSEC has been here for some time. But what it means to deploy it on the server. What is needed to keep your domain secured. There are a lot of manual and semi-automated tasks administrators need to do. This is where FreeIPA steps in and makes the deployment and maintenance of DNSSEC signed zone easy as few clicks in Web UI. Once you deployed DNSSEC on the server side, there is still some work to have your clients secured, too. Especially when using public hot-spots and networks, you should use secured DNS to eliminate man-in-the-middle attacks. In the lab we will briefly explain how DNSSEC works. Afterwards we will deploy a signed zone using only BIND and also BIND + FreeIPA combination. We will show how FreeIPA can ease your pain with DNSSEC deployment. In the end we will try out the DNSSEC from client side using dnssec-trigger and unbound server, to keep you secured at all times..