2.6 – Network Connections: DNS Configuration

Questions and Answers

What is the primary function of the Domain Name System (DNS)?

• To provide internet access to users
• To convert fully qualified domain names to IP addresses (correct)
• To manage internet traffic statistics
• To store website content across multiple servers

How many root server clusters exist within the Domain Name System?

• 5
• 1,000
• 13 (correct)
• 100

Which of the following is NOT a type of top-level domain?

• .com
• .org
• .edu
• .dns (correct)

What does a fully qualified domain name represent?

The complete domain with all its parent domains (A)

What command can be used to see the DNS translation for a given domain name?

dig (A)

The presence of multiple IP addresses for a single web server primarily serves what purpose?

For redundancy and load balancing (A)

In the domain name 'www.professormesser.com', which part represents the second-level domain?

professormesser (C)

Which of the following best describes the nature of DNS as a database?

Distributed and hierarchical (C)

What is the purpose of an SPF record?

To provide a list of authorized email servers for a domain (A)

What does DKIM stand for?

Domain Keys Identified Mail (D)

What action can a DMARC record specify when a message fails validation?

Accept the message without further checks (B)

How are DMARC reports beneficial?

They provide detailed information on email delivery rates and validation results (D)

What is a common misconfiguration that can lead to email spoofing?

Not having an SPF record (A)

What does nslookup do?

It performs DNS queries and returns information about domain records (C)

What does TTL stand for in the context of DNS records?

Time To Live (D)

Which record type is used to associate a digital signature with outgoing mail?

DKIM record (B)

What information can you find when performing a TXT record lookup for a domain?

Verification records such as SPF, DKIM, or other text-based functionalities (C)

What is one role of SPF in email security?

To provide sender verification to mail servers (B)

What is the purpose of the A record in a DNS server?

It translates a fully qualified domain name to an IPv4 address. (A)

Why is a DNS server considered a critical resource?

It translates domain names to IP addresses. (D)

What does the Time to Live (TTL) value in a DNS record indicate?

The time a cache retains a DNS record before expiration. (A)

What type of record would you look for to determine the mail server for a domain?

MX record (B)

Which type of DNS record is used to store verbal or textual information?

TXT record (C)

What happens when a DNS server is not available?

Requests to resolve domain names will fail without translation. (C)

What additional benefit does a web-based front end provide for DNS configuration?

It simplifies the configuration process by abstracting details. (B)

In the context of email security, how is a TXT record utilized?

To include verification information about the sender. (A)

What does the 'Start of Authority (SOA) record' indicate in a DNS configuration?

It shows the main DNS server for the domain. (A)

What does the quad A record do?

It maps fully qualified domain names to IPv6 addresses. (D)

Which of the following functions are NOT performed by a DNS server?

Managing local hardware configurations. (A)

What is the main purpose of a resource record in a DNS server?

To facilitate the mapping of domain names and various network services. (C)

What command can be used if the dig command is unsupported to find DNS information?

nslookup (C)

Flashcards

What is DNS?

DNS is a hierarchical system for translating domain names into numerical IP addresses.

How is DNS structured?

DNS uses a distributed database with multiple servers organized into a hierarchy.

What are root servers in DNS?

Root servers are at the top of the hierarchy and handle the most general domain names like .com, .org, and .net.

What are top-level domains (TLDs)?

Top-level domains (TLDs) represent the final part of a domain name, such as .com, .org, or country codes like .us.

How are servers organized within DNS?

Each TLD (like .com) can have many servers, and each website within that TLD can also have multiple servers.

What does DNS do for computers?

DNS resolves domain names into IP addresses, allowing computers to communicate with each other.

How can you see DNS resolution in action?

The command 'dig' can be used to see how DNS translates a domain name into an IP address.

Why are there multiple IP addresses for a website?

Multiple IP addresses for a website (like a web server) are used for redundancy, ensuring the website stays online even if one server fails.

A Record

A DNS record that translates a Fully Qualified Domain Name (FQDN) to an IPv4 address.

AAAA Record

A DNS record that translates a Fully Qualified Domain Name (FQDN) to an IPv6 address.

MX Record

A DNS record that specifies where email messages should be delivered.

TXT Record

A DNS record that stores arbitrary text information.

DNS Resolution

The process of translating a Fully Qualified Domain Name (FQDN) into an IP address.

Time to Live (TTL)

The time period for which a DNS record is cached by a client.

DNS Server

A database that stores information like FQDNs, IP addresses, and other details.

Start of Authority (SOA) Record

A set of records in a DNS server that defines authoritative information about a domain.

Canonical Name (CNAME) Record

An alternative name for a fully qualified domain name (FQDN).

IP Address

The unique identifier for a computer or device on a network.

Fully Qualified Domain Name (FQDN)

A human-readable name for a website or server.

nslookup

A program that allows users to query a DNS server for information.

dig

A program that provides more detailed information about DNS records.

DNS Cache

A temporary storage of DNS records by a client.

DNS Configuration

The process of making changes to a DNS server's configuration.

SPF Record

A text-based DNS record that lists authorized email servers for a domain, preventing spoofing.

Email Authentication

A process of authenticating and verifying emails based on a domain's DNS records.

DKIM Record

A digital signature associated with emails, added to a text record in the DNS server, that mail servers can validate.

DMARC Record

A DNS record that determines how to handle emails that fail SPF or DKIM validation, including acceptance, spam folder placement, or rejection.

Email Verification

The process of verifying if an email was sent from a known authorized source using SPF and DKIM.

Dig or Nslookup

A tool that allows viewing DNS records, including text records like SPF, DKIM, and DMARC.

Text-Based DNS Records

The use of DNS records to provide information beyond just IP addresses, such as email authorization and domain verification.

Domain Verification Record

A DNS record that verifies domain ownership for various platforms like Facebook, Google, and DocuSign.

Multiple Mail Servers for a Domain

A record that specifies multiple email servers allowed to send mail for a domain, potentially for redundancy or load balancing.

Email Authentication Report

A report generated based on SPF and DKIM validation results, showing email message statistics and how many failed authentication.

Study Notes

DNS Structure and Functionality

• DNS (Domain Name System) translates human-readable domain names (e.g., www.example.com) into IP addresses that computers use for communication.
• DNS is a distributed system; it uses a hierarchical structure with multiple servers.
• 13 root server clusters exist, managing a network of over 1,000 servers.
• Generic top-level domains (TLDs) include .com, .org, .net. Others exist for specific countries.
• DNS hierarchy example: . (root) -> .com -> example.com -> www.example.com.
• Multiple servers can exist at each level. Mail, organizational servers can be located on the same hierarchy
• Using dig command to lookup domain IP addresses. The dig command shows the request and the answer section, including the three IP addresses. This is good for redundancy.
• Using nslookup shows the same IP addresses for a given name.
• DNS servers store resource records, which contain names, IP addresses, and other critical details (over 30 types).
• Crucial role of DNS: If it fails, a domain name lookup is impossible. Backups are important. Configuring DNS requires caution.
• DNS configuration often uses text files.
• Web-based configuration options can simplify management.

DNS Records

• A record: Associates a domain name with an IPv4 address.
• AAAA record: Associates a domain name with an IPv6 address.
• MX record: Specifies email routing. Requires a pair of records (MX and A record) for complete routing information.
• TXT record: Stores arbitrary text information. Commonly used for domain verification or email security (SPF, DKIM). Example usages include verification or informal purposes, validation, mail security.
• SPF (Sender Policy Framework) record: Lists authorized mail servers for a domain. Helps prevent email spoofing.
• DKIM (DomainKeys Identified Mail) record: Provides digital signatures for outgoing emails.
• DMARC (Domain-based Message Authentication, Reporting & Conformance) record: Defines actions for invalidated emails. (e.g., reject, accept, or move to spam). Provides reporting from recipients on validation outcomes.

DNS Configuration Example

• An example A record for www.professormesser.com shows the mapping to 162.159.246.164. Includes TTL (time-to-live).
• For IPv6 AAAA records, a hostname maps to an IPv6 address. TTL is also present.
• A configuration example for an email server (MX record). The mail server would use an A record.
• An example showing a text record (TXT record) in your own domain using mailgun.
• Examples of text records (e.g., SPF, DKIM) that enable email verification and authentication.
• Shows how digital signing of a message is configured using a DKIM record.
• Configuring DMARC (Domain-based Message Authentication, Reporting, and Conformance). Specifies what to do when a message fails validation (e.g., reject, accept, or mark as spam) and defines where to send the reports.