2.6 - DNS Configuration, DHCP Configuration, VLANs and VPNs Flashcards
DNS
Domain name system
Human readable names to computer readable IPs
Hierarchical
-follow path
Distributed database
-many DNS servers
-13 root server clusters (over 1,000 actual servers)
-hundreds of gTLDs (generic top level domains) (ex: .com, .org, .net, etc)
-275+ ccTLDs (country code top level domains) (ex: .us, .ca, .uk, etc)
DNS records
RR (resource records)
-database records of DNS
30+ record types
-IPs, certs, host alias names, etc
Important + critical configs
-check settings, backup, and test
Address records
A or AAAA
Defines IP of host
-most popular query
A records = for IPv4 addresses
-modify A record to change host name to IP resolution
AAAA records = for IPv6 addresses
-same DNS server, different records
Mail exchanger record (MX)
Determines host name for mail server
-NOT an IP address -> just a name
IN MX mail.mydomain.name.
Text records (TXT)
Human readable text info
-useful public info
Can be used for verification
-if you have access to DNS then you must be the admin of the domain name
Usually used for email security
-external email servers validate info from your DNS
nslookup
Sender policy framework (SPF)
SPF protocol
-list of all servers authorized to send emails for the domain
-prevents mail spoofing
-mail servers perform check to see if incoming mail actually came from an authorized host
DomainKeys Identified Mail (DKIM)
Digitally sign a domain’s outgoing mail
-mail servers validate (not typically seen by end user)
-public key = in DKIM TXT record
DMARC
Domain-based Message Authentication, Reporting, and Conformance
-prevents spoofing
-extension of SPF + DKIM
You decide what external email servers should do with emails that don’t validate through SPF or DKIM
-policy written into DMARC TXT record
-accept all, send to spam, or reject email
-compliance reports can be sent to email administrator
DHCP Configuration - Scope properties
IP range
- and excluded addresses
Subnet mask
Lease durations
Other scope options
-DNS server
-default gateway
-VoIP servers
DHCP Pools (DHCP config)
Grouping of IP addresses
-each subnet has its own scope
-192.168.1.0/24
-192.168.2.0/24
-192.168.3.0/2
-etc
Scope = generally contiguous pool of IPs
-DHCP exceptions can be made inside scope
DHCP address assignment (DHCP config)
Dynamic assignment
-DHCP server has big pool of addresses to give out
-addresses reclaimed after lease period
Automatic reassignment
-similar to dynamic allocation
-DHCP server has list of past assignments
-you’ll always get same IP address
DHCP address allocation (DHCP config)
Address reservation
-administratively configured
Table of MAC addresses
-each MAC address has matching IP address
Other names
-static DHCP assignment
-static DHCP
-static assignment
-IP reservation
DHCP leases (DHCP config)
Leasing your address
-temporary
-can seem permanent
Allocation
-assigned lease time by DHCP server
-administratively configured
Reallocation
-reboot computer
-confirms lease
Workstation can manually release IP address
-moving to another subnet
DHCP renewal (DHCP config)
T1 timer
-Check in with lending DHCP to renew IP address
-50% of the lease time (by default)
T2 timer
-if original DHCP is down, try rebinding with any DHCP server
-87.5% of lease time (7/8ths)
LANs
Local area networks
Group of devices in same broadcast domain
Virtual LANs
Virtual local area networks
Group of devices in same broadcast domain
Separated logically, not physically
Configuring VLANs
Virtual local area networks
Group of devices in same broadcast domain
VLAN 1: Gate room
VLAN 2: Dialing room
VLAN 3: Infirmary
VPNs
Virtual private networks
-encrypted data traversing a public network
Concentrator
-encryption/decryption access device
-often integrated into firewall
Many deployment options
-specialized cryptographic hardware
-software based options available
Used with client software
-sometimes built into OS
Client to site VPNs
On demand access from remote device
-software connects to VPN concentrator
Some software can be configured as always on