2.6 DNS Configuration, DHCP Configuration, VLANs & VPNs Flashcards
1
Q
Domain Name System
A
- Translates human-readable names into computer-readable IP addresses
– You only need to remember www.ProfessorMesser.com
- Hierarchical
– Follow the path
- Distributed database
– Many DNS servers
– 13 root server clusters (over 1,000 actual servers)
– Hundreds of generic top-level domains (gTLDs): .com, .org, .net, etc.
– Over 275 country code top-level domains (ccTLDs): .us, .ca, .uk, etc.
2
Q
- Translates human-readable names into computer-readable IP addresses
– You only need to remember www.ProfessorMesser.com
- Hierarchical
– Follow the path
- Distributed database
– Many DNS servers
– 13 root server clusters (over 1,000 actual servers)
– Hundreds of generic top-level domains (gTLDs): .com, .org, .net, etc.
– Over 275 country code top-level domains (ccTLDs): .us, .ca, .uk, etc.
A
Domain Name System
3
Q
DNS records
A
- Resource Records (RR)
– The database records of domain name services
- Over 30 record types
– IP addresses, certificates, host alias names, etc.
- These are important and critical configurations
– Make sure to check your settings, backup, and test!
4
Q
- Resource Records (RR)
– The database records of domain name services
- Over 30 record types
– IP addresses, certificates, host alias names, etc.
- These are important and critical configurations
– Make sure to check your settings, backup, and test!
A
DNS records
5
Q
Address records (A) (AAAA)
A
- Defines the IP address of a host
– This is the most popular query
- A records are for IPv4 addresses
– Modify the A record to change the host name to IP address resolution
- AAAA records are for IPv6 addresses
– The same DNS server, different records
6
Q
- Defines the IP address of a host
– This is the most popular query
- A records are for IPv4 addresses
– Modify the A record to change the host name to IP address resolution
- AAAA records are for IPv6 addresses
– The same DNS server, different records
A
Address records (A) (AAAA)
7
Q
Mail exchanger record (MX)
A
- Determines the host name for the mail server
– This isn’t an IP address; it’s a name
8
Q
- Determines the host name for the mail server
– This isn’t an IP address; it’s a name
A
Mail exchanger record (MX)
9
Q
Text records (TXT)
A
- Human-readable text information
– Useful public information
– Was originally designed for informal information
- Can be used for verification purposes
– If you have access to the DNS, then you must be the administrator of the domain name
- Commonly used for email security
– External email servers validate information from your DNS
10
Q
- Human-readable text information
– Useful public information
– Was originally designed for informal information
- Can be used for verification purposes
– If you have access to the DNS, then you must be the administrator of the domain name
- Commonly used for email security
– External email servers validate information from your DNS
A
Text records (TXT)
11
Q
Domain Keys Identified Mail (DKIM)
A
- Digitally sign a domain’s outgoing mail
– Validated by mail servers, not usually seen by the end user
– The public key is in the DKIM TXT record
12
Q
- Digitally sign a domain’s outgoing mail
– Validated by mail servers, not usually seen by the end user
– The public key is in the DKIM TXT record
A
Domain Keys Identified Mail (DKIM)
13
Q
DMARC
A
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
– Prevent unauthorized email use (spoofing)
– An extension of SPF and DKIM
- You decide what external email servers should do with emails that don’t validate through SPF or DKIM
– That policy is written into a DMARC TXT record
– Accept all, send to spam, or reject the email
– Compliance reports can be sent to the email administrator
14
Q
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
– Prevent unauthorized email use (spoofing)
– An extension of SPF and DKIM
- You decide what external email servers should do with emails that don’t validate through SPF or DKIM
– That policy is written into a DMARC TXT record
– Accept all, send to spam, or reject the email
– Compliance reports can be sent to the email administrator
A
DMARC
15
Q
Sender Policy Framework (SPF)
A
- SPF protocol
– A list of all servers authorized to send emails for this domain
– Prevent mail spoofing
– Mail servers perform a check to see if incoming mail really did come from an authorized host
16
Q
- SPF protocol
– A list of all servers authorized to send emails for this domain
– Prevent mail spoofing
– Mail servers perform a check to see if incoming mail really did come from an authorized host
A
Sender Policy Framework (SPF)
17
Q
Scope properties
A
- IP address range
– And excluded addresses
- Subnet mask
- Lease durations
- Other scope options
– DNS server
– Default gateway
– VOIP servers
18
Q
- IP address range
– And excluded addresses
- Subnet mask
- Lease durations
- Other scope options
– DNS server
– Default gateway
– VOIP servers
A
Scope properties
19
Q
DHCP pools
A
- Grouping of IP addresses
– Each subnet has its own scope
– 192.168.1.0/24
– 192.168.2.0/24
– 192.168.3.0/24
– …
- A scope is generally a single contiguous pool of IP addresses
– DHCP exceptions can be made inside of the scope
20
Q
- Grouping of IP addresses
– Each subnet has its own scope
– 192.168.1.0/24
– 192.168.2.0/24
– 192.168.3.0/24
– …
- A scope is generally a single contiguous pool of IP addresses
– DHCP exceptions can be made inside of the scope
A
DHCP pools
21
Q
DHCP address assignment
A
- Dynamic assignment
– DHCP server has a big pool of addresses to give out
– Addresses are reclaimed after a lease period
- Automatic assignment
– Similar to dynamic allocation
– DHCP server keeps a list of past assignments
– You’ll always get the same IP address
22
Q
- Dynamic assignment
– DHCP server has a big pool of addresses to give out
– Addresses are reclaimed after a lease period
- Automatic assignment
– Similar to dynamic allocation
– DHCP server keeps a list of past assignments
– You’ll always get the same IP address
A
DHCP address assignment
23
Q
DHCP address allocation
A
- Address reservation
– Administratively configured
- Table of MAC addresses
– Each MAC address has a matching IP address
- Other names
– Static DHCP Assignment, Static DHCP, Static Assignment, IP Reservation
24
Q
- Address reservation
– Administratively configured
- Table of MAC addresses
– Each MAC address has a matching IP address
- Other names
– Static DHCP Assignment, Static DHCP, Static Assignment, IP Reservation
A
DHCP address allocation
25
Q
DHCP leases
A
- Leasing your address
– It’s only temporary
– But it can seem permanent
- Allocation
– Assigned a lease time by the DHCP server
– Administratively configured
- Reallocation
– Reboot your computer
– Confirms the lease
- Workstation can also manually release the IP address
– Moving to another subnet
26
Q
- Leasing your address
– It’s only temporary
– But it can seem permanent
- Allocation
– Assigned a lease time by the DHCP server
– Administratively configured
- Reallocation
– Reboot your computer
– Confirms the lease
- Workstation can also manually release the IP address
– Moving to another subnet
A
DHCP leases
27
Q
DHCP renewal
A
- T1 timer
– Check in with the lending DHCP server to renew the IP address
– 50% of the lease time (by default)
- T2 timer
– If the original DHCP server is down, try rebinding with any DHCP server
– 87.5% of the lease time (7/8ths)
28
Q
LANs
A
- Local Area Networks
- A group of devices in the same broadcast domain
29
Q
Virtual LANs
A
- Virtual Local Area Networks
- A group of devices in the same broadcast domain
- Separated logically instead of physically
30
Q
- Virtual Local Area Networks
- A group of devices in the same broadcast domain
- Separated logically instead of physically
A
Virtual LANs
31
Q
- Local Area Networks
- A group of devices in the same broadcast domain
A
LANs
32
Q
Configuring VLANs
A
- Virtual Local Area Networks
– A group of devices in the same broadcast domain
33
Q
- Virtual Local Area Networks
– A group of devices in the same broadcast domain
A
Configuring VLANs
34
Q
VPNs
A
- Virtual Private Networks
– Encrypted (private) data traversing a public network
- Concentrator
– Encryption/decryption access device
– Often integrated into a firewall
- Many deployment options
– Specialized cryptographic hardware
– Software-based options available
35
Q
- Virtual Private Networks
– Encrypted (private) data traversing a public network
- Concentrator
– Encryption/decryption access device
– Often integrated into a firewall
- Many deployment options
– Specialized cryptographic hardware
– Software-based options available
- Used with client software
– Sometimes built into the OS
A
VPNs
37
Q
Client-to-Site VPNs
A
- On-demand access from a remote device
– Software connects to a VPN concentrator
- Some software can be configured as always-on
38
Q
- On-demand access from a remote device
– Software connects to a VPN concentrator
- Some software can be configured as always-on
A
Client-to-Site VPNs