Week 3 - Getting started with DNS and DHCP (2).pptx
Uploaded by GreatAntigorite
What is DNS
DNS is a fundamental component of the internet. To put things simply – it’s the method behind putting Names to IP Addresses. DNS stands for the Domain Name System. For example…
• www.google.ca = 142.251.33.163
• www.facebook.com = 31.13.80.36
• www.conestogac.on.com = 142.156.1.223

So, what is the fundamental need behind DNS?
• We don’t want to remember IP Addresses
• Instead, we type in a URL
• A DNS Server helps translate the “URL” of the website (i.e. www.google.ca) to an IP Address
• Your browser then takes you to that IP Address, transparent to you

A URL?
URL stands for Uniform Resource Locator. A URL is nothing more than the address of a given unique resource on the Web. Such resources can be an HTML page, a CSS document, an image, etc. Here are some examples:
• https://conestogac.on.ca
• https://www.conestogac.on.ca/fulltime
• https://www.conestogac.on.ca/search?cludoquery=hello
Adapted from: https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_is_a_URL

Anatomy of a URL
You might think of a URL like a regular postal mail address: the scheme represents the postal service you want to use (FedEx, UPS), the domain name is the city or town, and the port is like the zip/postal code; the path represents the building where your mail should be delivered; the parameters represent extra information such as the number of the apartment in the building; and, finally, the anchor represents the actual person to whom you've addressed your mail.

Scheme
The first part of the URL is the scheme, which indicates the protocol that the browser must use to request the resource (a protocol is a set method for exchanging or transferring data around a computer network). Usually for websites the protocol is HTTPS or HTTP (its unsecured version).

Authority
Next follows the authority, which is separated from the scheme by the character pattern ://. If present, the authority includes both the domain (e.g.
www.example.com) and the port (80), separated by a colon:
• The domain indicates which Web server is being requested. Usually this is a domain name, but an IP address may also be used (but this is rare as it is much less convenient).
• The port indicates the technical "gate" used to access the resources on the web server. It is usually omitted if the web server uses the standard ports of the HTTP protocol (80 for HTTP and 443 for HTTPS) to grant access to its resources. Otherwise it is mandatory.

Path to Resource
/path/to/myfile.html is the path to the resource on the Web server. In the early days of the Web, a path like this represented a physical file location on the Web server.

Parameters
?key1=value1&key2=value2 are extra parameters provided to the Web server. Those parameters are a list of key/value pairs separated with the & symbol. The Web server can use those parameters to do extra stuff before returning the resource. Each Web server has its own rules regarding parameters, and the only reliable way to know if a specific Web server is handling parameters is by asking the Web server owner.

Anchor
#SomewhereInTheDocument is an anchor to another part of the resource itself. An anchor represents a sort of "bookmark" inside the resource, giving the browser the directions to show the content located at that "bookmarked" spot. On an HTML document, for example, the browser will scroll to the point where the anchor is defined.

How DNS works
Now that you are skilled with URLs, and the parts thereof, we can discuss how DNS works. DNS is based on a distributed system of Name Servers, and sending requests to each. We will be discussing 4 types of these servers.

The Root Hint
It is important that we familiarize ourselves with one more concept, the root hint. Root hints are a list of the DNS servers on the Internet that your DNS servers can use to resolve queries for names that it does not know.
www.domain.com .
The period at the end of the URL is a root hint.
It’s always present, but we don’t see it (it’s default).

The Root Hint is the start…
The root hint is the start of the DNS lookup process. It will tell you where to go next. The process of “where do we go next” is known as an Iterative DNS Query. An “Iterative DNS lookup” is the most basic DNS lookup, where DNS servers will talk between each other to point you to where you can find the resource.

TLD Nameserver
After consulting the Root Hint, the second step in the DNS Recursive Lookup/resolution process is to consult with the TLD Server. The TLD (Top-Level Domain) server is a server that is responsible for a specific subset of domains.

What is TLD
• TLD stands for Top Level Domain
• It is the .com, .ca, .co.uk, .net, .biz portion of the URL.
• There are 1,514 TLDs that exist currently (as of June 2020)
• Some TLDs are restricted by country/organization (i.e. a .gov can only be registered by a government)

The Authoritative Nameserver
The Authoritative Nameserver is the final step in the recursive name resolution process. The Authoritative Nameserver gives the “answer” of where the URL is.

Iterative Queries
While a Recursive query is a query between DNS client and server, an Iterative query refers to the query between DNS Servers. The rule of thumb is: DNS server to DNS server = Iterative. Client to DNS Server = Recursive.

Let’s break the process down
1. You (your computer) perform a recursive request to your DNS server for server1.somewebsite.hello
2. The DNS server doesn’t have the website cached, so it goes to the root hint to ask (iterative): where is the .hello TLD?
3. The Root Hint server replies, saying that the TLD nameserver is located at 1.2.3.4

Breaking it down – cont’d
4. The DNS server that you originally queried performs another iterative lookup, this time to the TLD nameserver (1.2.3.4, the .hello nameserver). It asks, where is server1.somewebsite.hello?
5. The TLD nameserver replies: I don’t know where server1 is, but I know where somewebsite.hello is, it’s located at 3.4.5.6.
6. The DNS server continues with another iterative query, this time asking where server1 is, from the Authoritative nameserver of somewebsite.hello.
7. The final authoritative nameserver replies – 7.8.9.10
8. Therefore, server1.somewebsite.hello is 7.8.9.10

Cached DNS Servers
DNS Servers also serve a purpose of Caching. Caching is essentially the process of “storing” the answer so that the iterative process doesn’t have to happen. This speeds up the DNS resolution process. We will discuss the benefits and drawbacks in the NTWK-8090 course.

DNS Servers contain records
• Records are stored in Zones
  – There are Forward Lookup Zones
  – And Reverse Lookup Zones
• DNS Servers contain billions of these zones, and are used to resolve names to IP addresses (forward lookup zones) and vice-versa (reverse lookup zones)
• Zones are typically files

Let’s talk about some records
• Start of Authority (SOA) - required for all zones
• Name Server (NS) - name of DNS server(s) authoritative for domain - required for all zones
• Host (A or AAAA) - hostname and IP for forward lookup in domain
• Mail Exchange (MX) - domain SMTP server
• Alias (CNAME) - alternate name for host
• Pointer (PTR) - hostname and IP for reverse lookup in network
• Service Resource (SRV) - location of network services critical to AD

The role of DNS in Active Directory
DNS is probably the single most important component in Active Directory.
• All Active Directory Domains must have a DNS server
  – Both a Forward and Reverse lookup zone for your domain will be created
  – Additional zones will be created as well that are specific to Active Directory
• The DNS Server for (on-premises) Active Directory is an internal DNS server that enables all the components to find each other.
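The eight-step walkthrough and the caching slide above, as an added Python model that is not part of the original deck: a resolver that accepts the client's recursive query and issues iterative queries to the root hint, the .hello TLD server and the authoritative server, using the slides' example addresses. The NS/A tagging of replies, the trace list and the LookupError for unknown names are my own assumptions; this models the exchange, not real DNS packets.

```python
from dataclasses import dataclass, field

# Constructed nameserver data mirroring the eight-step walkthrough: the root
# hint refers .hello to 1.2.3.4, the .hello TLD server refers somewebsite.hello
# to 3.4.5.6, and that authoritative server holds server1's A record, 7.8.9.10.
ROOT_HINT = {"hello.": "1.2.3.4"}
NAMESERVERS = {
    "1.2.3.4": {"somewebsite.hello.": ("NS", "3.4.5.6")},          # TLD server
    "3.4.5.6": {"server1.somewebsite.hello.": ("A", "7.8.9.10")},  # authoritative
}

@dataclass
class Resolver:
    """Your DNS server: accepts the client's recursive query, then walks
    root hint -> TLD -> authoritative with iterative queries, caching the answer."""
    cache: dict = field(default_factory=dict)   # qname -> IP already resolved
    trace: list = field(default_factory=list)   # (server asked, name asked) per query

    def _iterative(self, server_ip, qname):
        """One iterative query: the server answers for the longest name it holds,
        returning either an A answer or an NS referral to the next server."""
        self.trace.append((server_ip, qname))
        zone_data = NAMESERVERS[server_ip]
        for owner in sorted(zone_data, key=len, reverse=True):
            if qname == owner or qname.endswith("." + owner):
                return zone_data[owner]
        raise LookupError(f"{server_ip} holds nothing for {qname}")

    def resolve(self, name):
        """Recursive query from the client. Returns (ip, answered_from_cache)."""
        qname = name if name.endswith(".") else name + "."   # the implicit root dot
        if qname in self.cache:                              # caching slide: no walk
            return self.cache[qname], True
        tld = qname.rsplit(".", 2)[-2] + "."                 # "hello."
        if tld not in ROOT_HINT:
            raise LookupError(f"no TLD server known for {tld}")
        self.trace.append(("root-hint", tld))
        next_server = ROOT_HINT[tld]                         # step 3
        while True:
            rtype, value = self._iterative(next_server, qname)
            if rtype == "NS":                                # step 5: a referral
                next_server = value
                continue
            self.cache[qname] = value                        # step 8: final answer
            return value, False
```

A second lookup of the same name is answered from the cache with no iterative queries, which is the behaviour (and the stale-answer risk) the caching slide refers to.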
The role of DNS in Active Directory – Cont’d
• Active Directory will NOT function without a DNS server
• Clients must use the Internal DNS server to be able to join the Active Directory and to access internal resources
• The Internal DNS server also doubles as a caching DNS server
• Houses many types of internal records including A (IPv4), AAAA (IPv6), and SRV

The role of DNS in Active Directory – Cont’d (2)
• The DNS Server role is automatically installed as part of the domain creation process – if you don’t have one
• Another DNS server may also be used, however your Domain Controller must be able to write records to it
• It is highly encouraged to stick with a Windows DNS Server in ADDS environments, however Linux alternatives (such as BIND) are also supported – but much more difficult to manage and configure

DNS Resilience
As DNS is one of the key tools that is used in your Windows Server Active Directory Environment, it is critical to ensure that Resilience is planned and implemented correctly. This is handled via DNS Policies. We will discuss a few of the DNS policies included in Windows Server:

A word on DNS Policies…
DNS Policies are an advanced topic that you should familiarize yourselves with. You will absolutely need to use it if you are managing a large enterprise environment. Most of the administration is done via PowerShell. More information can be found here: https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/dns-policies-overview

Load Balancing
When you have deployed multiple instances of an application at different locations, you can use DNS policy to balance the traffic load between the different application instances, dynamically allocating the traffic load for the application.
Geo-Location Based Traffic Management
You can use DNS Policy to allow primary and secondary DNS servers to respond to DNS client queries based on the geographical location of both the client and the resource to which the client is attempting to connect, providing the client with the IP address of the closest resource.

Split Brain DNS
With split-brain DNS, DNS records are split into different Zone Scopes on the same DNS server, and DNS clients receive a response based on whether the clients are internal or external clients. You can configure split-brain DNS for Active Directory integrated zones or for zones on standalone DNS servers.

Time of day-based redirection
You can use DNS policy to distribute application traffic across different geographically distributed instances of an application by using DNS policies that are based on the time of day.

DHCP – Dynamic Host Configuration Protocol
DHCP is a core technology that’s not specific to any one vendor and is responsible for assigning IP Addresses to Computers. You’ve probably encountered DHCP by simply connecting to your home network. Your computer automatically gets an IP Address, along with a few other things: DNS Server Address, Subnet Mask, and Default Gateway.

The DHCP Server Role
The DHCP server is not included by default when setting up a Windows Server Active Directory Domain, however it can be installed as an additional role. You will be exploring this setup in the NTWK-8050 course.

IP Basics
Please see the Additional Reading for some IP Addressing basics that you should be aware of:
• IP Address: The computer’s “Internet Protocol” address, this is how other devices talk with your computer
• Subnet Mask: Is a subdivision of the network.
The most commonly used Subnet Mask is 255.255.255.0 (or /24)

IP Basics – Cont’d
• DNS Server: As you are aware, DNS Servers are also sent out via DHCP to the clients in your organization
• Default Gateway: is the IP Address of the “next hop” router that allows your host to navigate the network

Why use a Windows DHCP Server?
The Windows DHCP Server Role allows for some flexibility:
• Reliable IP address configuration. DHCP minimizes configuration errors caused by manual IP address configuration, such as typographical errors, or address conflicts caused by the assignment of an IP address to more than one computer at the same time.
• Reduced network administration. DHCP includes the following features to reduce network administration:
  – Centralized and automated TCP/IP configuration.
  – The ability to define TCP/IP configurations from a central location.
  – The ability to assign a full range of additional TCP/IP configuration values by means of DHCP options.
  – The efficient handling of IP address changes for clients that must be updated frequently, such as those for portable devices that move to different locations on a wireless network.

Why use a Windows DHCP Server? – Cont’d
• The DHCP Server role allows your computers to be assigned all the networking correctly – which means that they will be able to access all your network resources and join your domain by means of DNS.
• Resilience options are built-in:
  – Split-Scope DNS
  – DHCP Failover

The DHCP Process

The DHCP DORA Process
The DHCP Process is known as DORA; it is the process between the client and server to negotiate a DHCP address.
• Discover – involves the Client broadcasting on the network to see if there are any available DHCP Servers
• Offer – a DHCP Server replies, while reserving an address for the client
• Request – the client accepts the IP Configuration, letting the Server know
• Acknowledge – the Server replies back, letting the Client know that all is good

DHCP Reservations
One final concept is DHCP Reservations. DHCP Reservations are entries in a DHCP server that tell the server to issue the same reserved IP address to the client. This is based on a MAC Address.
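An added Python model (not part of the original deck) of the DORA exchange and a MAC-based reservation: the server holds an address at Offer, acknowledges only the address it actually offered, and hands a reserved client the same IP every time. The scope, option values, MAC addresses and the NAK/ACK strings are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

@dataclass
class DhcpServer:
    """One DHCP scope served through DORA with MAC reservations (teaching model)."""
    scope: IPv4Network
    options: dict                    # subnet_mask, router, dns_server sent with the Offer
    reservations: dict = field(default_factory=dict)  # MAC -> reserved IPv4Address
    offers: dict = field(default_factory=dict)        # MAC -> IP held after Offer
    leases: dict = field(default_factory=dict)        # MAC -> IP after Acknowledge

    def _next_free(self):
        """Lowest host not leased, offered, reserved, or used by gateway/DNS."""
        taken = set(self.leases.values()) | set(self.offers.values()) | set(self.reservations.values())
        taken |= {IPv4Address(self.options[k]) for k in ("router", "dns_server")}
        for host in self.scope.hosts():
            if host not in taken:
                return host
        raise RuntimeError("scope exhausted")

    def discover(self, mac):
        """Discover -> Offer: choose an address for this MAC and hold it."""
        if mac in self.leases:               # returning client keeps its address
            ip = self.leases[mac]
        elif mac in self.reservations:       # a reservation wins over the free pool
            ip = self.reservations[mac]
        else:
            ip = self._next_free()
        self.offers[mac] = ip
        return {"yiaddr": str(ip), **self.options}

    def request(self, mac, ip):
        """Request -> Acknowledge: ACK only the address this MAC was offered."""
        if str(self.offers.get(mac)) != ip:
            return "NAK"
        self.leases[mac] = self.offers.pop(mac)
        return "ACK"

def dora(server, mac):
    """Run the four-step exchange for one client; returns its final IP config."""
    offer = server.discover(mac)
    return offer if server.request(mac, offer["yiaddr"]) == "ACK" else None

# Constructed scope: 192.168.1.0/24, gateway .1, DNS .10, one reservation for .50
SERVER = DhcpServer(
    scope=IPv4Network("192.168.1.0/24"),
    options={"subnet_mask": "255.255.255.0", "router": "192.168.1.1", "dns_server": "192.168.1.10"},
    reservations={"aa:bb:cc:dd:ee:ff": IPv4Address("192.168.1.50")},
)
```

Reserved and infrastructure addresses are excluded from the free pool even while those hosts are offline, which is what keeps a reservation from ever colliding with a dynamic lease.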