2.6 - DNS Configuration Flashcards

1
Q

Domain Name System (what is it conceptually and physically)

A
  • Translates human-readable names into computer-readable IP addresses
    – You only need to remember www.ProfessorMesser.com
  • Hierarchical
    – Follow the path
  • Distributed database
    – Many DNS servers
    – 13 root server clusters (over 1,000 actual servers)
    – Hundreds of generic top-level domains (gTLDs) - .com, .org, .net, etc.
    – Over 275 country code top-level domains (ccTLDs) - .us, .ca, .uk, etc.
2
Q

DNS lookup (dig)

A
3
Q

The DNS hierarchy

A
4
Q

DNS records

A
  • Resource Records (RR)
    – The database records of domain name services
  • Over 30 record types
    – IP addresses, certificates, host alias names, etc.
  • These are important and critical configurations
    – Make sure to check your settings, back up, and test!
5
Q

Address records (A) (AAAA)

A
  • Defines the IP address of a host
    – This is the most popular query
  • A records are for IPv4 addresses
    – Modify the A record to change the host name to IP address resolution
  • AAAA records are for IPv6 addresses
    – The same DNS server, different records
6
Q

Mail exchanger record (MX)

A
  • Determines the host name for the mail server - this isn’t an IP address; it’s a name
7
Q

Text records (TXT)

A
  • Human-readable text information
    – Useful public information
    – Was originally designed for informal information
  • Can be used for verification purposes
    – If you have access to the DNS, then you must be the administrator of the domain name
  • Commonly used for email security
    – External email servers validate information from your DNS
8
Q

Viewing TXT records with nslookup

A
9
Q

Sender Policy Framework (SPF)

A
  • SPF protocol
    – A list of all servers authorized to send emails for this domain
    – Prevent mail spoofing
    – Mail servers perform a check to see if incoming mail really did come from an authorized host
10
Q

Domain Keys Identified Mail (DKIM)

A
  • Digitally sign a domain’s outgoing mail
    – Validated by mail servers, not usually seen by the end user
    – The public key is in the DKIM TXT record
11
Q

DMARC

A
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)
    – Prevent unauthorized email use (spoofing)
    – An extension of SPF and DKIM
  • You decide what external email servers should do with emails that don’t validate through SPF or DKIM
    – That policy is written into a DMARC TXT record
    – Accept all, send to spam, or reject the email
    – Compliance reports can be sent to the email administrator