NETWORK+ EXAM CompTIA Textbook Notes Flashcards
Missing Route Issues
- Use ping and traceroute/tracert to identify where network path fails
- Check routing table
- Missing static route
- Dynamic protocol failure
- Device configuration review
Routing Loop Issues
- Incorrect path information causes packets to circulate until TTL is exhausted
- Use traceroute to diagnose
Asymmetrical Routing Issues
- Return path different to forward path
- Issues
- Inconsistent latency
- Security appliances dropping return packets
- Analyze traceroute output and investigate routing tables
Low Optical Link Budget Issues
- Consider PHY/data link layer issues when routing across WANs
- Poor connectivity across fiber link
- Loss budget expresses amount of loss from attenuation, connectors, and splices, measured in dB
- Loss budget must be less than power budget (transceiver transmit power and receive sensitivity)
OSI Model
Layer 1 – Physical
Layer 2 – Data link
Layer 3 – Network
Layer 4 – Transport
Layer 5 – Session
Layer 6 – Presentation
Layer 7 – Application
Application Layer 7
End User Layer
Protocols: SMTP, HTTP
program that opens what was sent or creates what was sent
Presentation Layer 6
Syntax Layer
JPEG/ASCII/EBCDIC/TIFF/GIF/PICT
encrypt and decrypt (if needed)
formats data to be presented to the application layer and can be viewed as “translator” for network.
Session Layer 5
synch and send to ports (logical ports)
Logical Ports: RPC/SQL/NFS/NetBIOS names/Stateful Inspection Firewall
allows session establishment between processes running on different stations.
Transport Layer 4
TCP Host to Host, Flow Control
Packet Filtering
TCP/SPX/UDP
ensures delivery of messages error free, in sequence, no losses or duplicates.
Network Layer 3
Packets “letter”, contains IP address
Packet Filtering
Routers: IP/IPX/ICMP
TTL, Firewall
Controls the operation of the subnet, deciding which physical path data takes.
Data Link Layer 2
Frames “envelope”, contains MAC address
Switch/Bridge/WAP/NIC/Ethernet/PPP/SLIP
[NIC card > Switch > NIC card]
Provides error-free transfer of data frames from one node to another over the physical layer.
Physical Layer 1
Physical Structure (signal layer)
Cables, hubs, modem, transceivers, media converters…
Transmission and reception of the unstructured raw bit stream over the physical medium.
Network Protocol two principal functions:
Addressing and Encapsulation
Addressing
describing where data messages should go
Encapsulating
describing how data messages should be packaged for transmission
At each layer what must two nodes be running to communicate?
the same protocol at each layer
Same Layer Interaction
communication between nodes at the same layer
Adjacent Layer Interaction
To transmit or receive communication on each node, each layer provides services for the layer above and uses the services of the layer below
Process of Encapsulation
When a message is sent from one node to another, it travels down the stack of layers on the sending node, reaches the receiving node using the transmission media, and then passes up the stack on that node. At each level (except the physical layer), the sending node adds a header to the data payload, forming a “chunk” of data called a protocol data unit (PDU).
Physical Topology
The layout of nodes and links as established by the transmission media. An area of a larger network is called a segment. A network is typically divided into segments to cope with the physical restrictions of the network media used, to improve performance, or to improve security. At the Physical layer, a segment is where all the nodes share access to the same media.
Physical Interface
Mechanical specifications for the network medium, such as cable specifications, the medium connector and pin-out details (the number and functions of the various pins in a network connector), or radio transceiver specifications.
Devices that operate at the Physical Layer 1:
Transceiver—The part of a network interface that sends and receives signals over the network media.
Repeater—A device that amplifies an electronic signal to extend the maximum allowable distance for a media type.
Hub—A multiport repeater, deployed as the central point of connection for nodes.
Media converter—A device that converts one media signaling type to another.
Modem—A device that performs some type of signal modulation and demodulation, such as sending digital data over an analog line.
Logical Topology
A layer 2 segment might include multiple physical segments.
End Systems or Host Nodes
Nodes that send and receive information
This type of node includes computers, laptops, servers, Voice over IP (VoIP) phones, smartphones, and printers.
intermediate system or infrastructure node
A node that provides only a forwarding function
Devices that operate at the data link layer include:
Network adapter or network interface card (NIC)—A NIC joins an end system host to network media (cabling or wireless) and enables it to communicate over the network by assembling and disassembling frames.
Bridge—A bridge is a type of intermediate system that joins physical network segments while minimizing the performance reduction of having more nodes on the same network. A bridge has multiple ports, each of which functions as a network interface.
Switch—An advanced type of bridge with many ports. A switch creates links between large numbers of nodes more efficiently.
Wireless access point (AP)—An AP allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones.
ACL
A network ACL is a list of the addresses and types of traffic that are permitted or blocked.
heterogeneous
networks using a variety of physical layer media and data link protocols
Main appliance working at layer 3:
the router
End to End or Host to Host Layer
Transport Layer 4
Which layer assigns port numbers to network applications?
Transport Layer
Segments at the Transport Layer
on the sending host, data from the upper layers is packaged as a series of layer 4 PDUs, and each segment is tagged with the app's port number.
At which layers of the OSI model is the port number ignored?
At the network and data link layer and it becomes part of the data payload and is invisible to the routers and switches that implement the addressing and forwarding functions of these layers. At the receiving host, each segment is decapsulated, identified by its port number, and passed to the relevant handler at the application layer. Put another way, the traffic stream is de-multiplexed.
IDS
Intrusion Detection System
Functions in the Session Layer
establishing a dialog, managing data transfer, and then ending (or tearing down) the session
Which layer does not encapsulate any other protocol or provide services to any other protocol?
Application Layer
At layer 2, the SOHO router implements the following functions to make use of its physical layer adapters:
ethernet switch and wireless access point
What connects a SOHO router to the internet?
WAN interface
PSTN
Most SOHO subscriber Internet access is facilitated over the Public Switched Telephone Network
CPE
customer premises equipment
demarcation point/demarc
point at which the telco’s cabling enters the customer premises
Internet Assigned Numbers Authority (IANA)
manages allocation of IP addresses and maintenance of the top-level domain space. IANA is currently run by Internet Corporation for Assigned Names and Numbers (ICANN). IANA allocates addresses to regional registries who then allocate them to local registries or ISPs.
Internet Engineering Task Force (IETF)
focuses on solutions to Internet problems and the adoption of new standards, published as Requests for Comments (RFCs). Some RFCs describe network services or protocols and their implementation, while others summarize policies. An older RFC is never updated. If changes are required, a new RFC is published with a new number. Not all RFCs describe standards. Some are designated informational, while others are experimental.
Bandwidth
The more bandwidth available in the media, the greater the amount of data that can be encoded.
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
The Ethernet protocol governing contention and media access
Fast Link Pulse
Fast Ethernet codes a 16-bit data packet into this signal advertising its service capabilities.
unshielded twisted pair (UTP)
Modern buildings are often flood-wired using UTP cabling.
Most twisted pair cable used in office networks
two methods for terminating Ethernet (RJ-45) connections:
T568A and T568B
T568A Standard
gGoBbObrBR
green/white, green, orange/white, blue, blue/white, orange, brown/white, brown
T568B Standard
oOgBbGbrBR
orange/white, orange, green/white, blue, blue/white, green, brown/white, brown
plenum cable
typically in false ceilings; must not emit a lot of smoke and must be self-extinguishing
uses treated PVC or FEP
data cable is marked CMP/MMP
General purpose (nonplenum) cabling
uses PVC (polyvinyl chloride) jackets and insulation
marked CMG/MMG or CM/MP
Riser cabling
Cabling that passes between two floors
conduit must be fire-stopped
data cable marked CMR/MPR
coax cable
made of two conductors that share the same axis, hence the name (“co” and “ax”)
The core conductor of the cable is made of copper wire (solid or stranded) and is enclosed by plastic insulation (dielectric). A wire mesh (the second conductor), which serves both as shielding from EMI and as a ground, surrounds the insulating material. A tough plastic sheath protects the cable.
Coax cables are categorized using
the Radio Grade (RG) standard
Twinaxial (or twinax) cable
similar to coax but contains two inner conductors
used for datacenter 10GbE and 40GbE up to 5 m for passive cables and 10 m for active cable types.
SMF
Single Mode Fiber :
small core (8-10 microns)
long wavelength
supports 100 Gbps data rates
OS1 indoor
OS2 outdoor
suitable for WAN
MMF
Multimode Fiber:
large core (62.5 or 50 microns)
shorter wavelength
less expensive than SMF
does not support signaling speeds or distances as high as single mode
suitable for LAN
MMF is graded by Optical Multimode (OM) categories, defined in the ISO/IEC 11801 standard:
OM1/OM2—62.5-micron cable is OM1, while early 50-micron cable is OM2. OM1 and OM2 are mainly rated for applications up to 1 Gbps and use LED transmitters.
OM3/OM4—these are also 50-micron cable, but manufactured differently, designed for use with 850 nm Vertical-Cavity Surface-Emitting Lasers (VCSEL), also referred to as laser optimized MMF (LOMMF). A VCSEL is not as powerful as the solid-state lasers used for SMF, but it supports higher modulation (transmitting light pulses rapidly) than LED-based optics.
Straight Tip (ST)
push-and-twist locking mechanism connector
multimode
Subscriber Connector (SC)
push/pull design
single- or multimode
commonly used for Gigabit Ethernet
Local Connector (LC) (also referred to as Lucent Connector)
tabbed push/pull design
widely adopted form factor for Gigabit Ethernet and 10/40 GbE
Mechanical Transfer Registered Jack (MTRJ)
small-form-factor duplex connector with a snap-in design
multimode
fiber ethernet standard specifications
100BASE-FX
100BASE-SX
1000BASE-SX
1000BASE-LX
10GBASE-SR
10GBASE-LR
Physical Contact (PC)
The faces of the connector and fiber tip are polished so that they curve slightly and fit together better, reducing return loss (interference caused by light reflecting back down the fiber).
UltraPhysical Contact (UPC)
This means the cable and connector are polished to a higher standard than with PC.
Angled Physical Contact (APC)
The faces are angled for an even tighter connection and better return loss performance. APC cannot be mixed with PC or UPC. These connectors are usually deployed when the fiber is being used to carry analog signaling, as in Cable Access TV (CATV) networks. They are also increasingly used for long distance transmissions and for Passive Optical Networks (PON), such as those used to implement Fiber to the x (FTTx) multiple subscriber networks.
Horizontal Cabling
Connects user work areas to the nearest horizontal cross-connect. A cross-connect can also be referred to as a distribution frame. Horizontal cabling is so-called because it typically consists of the cabling for a single floor and so is made up of cables run horizontally through wall ducts or ceiling spaces.
Backbone Cabling
Connects horizontal cross-connects (HCCs) to the main cross-connect (optionally via intermediate cross-connects). These can also be described as vertical cross-connects, because backbone cabling is more likely to run up and down between floors.
Telecommunications Room
Houses horizontal cross-connects. Essentially, this is a termination point for the horizontal cabling along with a connection to backbone cabling. An equipment room is similar to a telecommunications room but contains the main or intermediate cross-connects. Equipment rooms are also likely to house “complex” equipment, such as switches, routers, and modems.
Entrance Facilities/Demarc
Special types of equipment rooms marking the point at which external cabling (outside plant) is joined to internal (premises) cabling. These are required to join the access provider’s network and for inter-building communications. The demarcation point is where the access provider’s network terminates and the organization’s network begins.
punchdown block
comprises a large number of insulation-displacement connection (IDC) terminals
The IDC contains contacts that cut the insulation from a wire and hold it in place.
Copper wire termination
terminated using a distribution frame or punchdown block
66 block
older distribution frame used to terminate telephone cabling and legacy data applications (pre-Cat 5)
50 rows of 4 IDC terminals
110 block
(developed by AT&T) is a type of distribution frame supporting 100 MHz operation (Cat 5) and better
punchdown tool
used to terminate fixed cable
cable crimper
used to create patch cords
fixes a plug to a cable
block tool
terminates a group of connectors in one action
fusion splicer
permanent joint with lower insertion loss
Small Form Factor Pluggable (SFP)
uses LC connectors and is also designed for Gigabit Ethernet
Enhanced SFP (SFP+)
updated specification to support 10 GbE but still uses the LC form factor
Multi-Source Agreement (MSA)
ensure that a transceiver from one vendor is compatible with the switch/router module of another vendor
Quad small form-factor pluggable (QSFP)
Quad small form-factor pluggable (QSFP) is a transceiver form factor that supports 4 x 1 Gbps links, typically aggregated to a single 4 Gbps channel. Enhanced quad small form-factor pluggable (QSFP+) is designed to support 40 GbE by provisioning 4 x 10 Gbps links.
Wavelength Division Multiplexing (WDM)
means of using a strand to transmit and/or receive more than one channel at a time.
Bidirectional (BiDi) transceivers
support transmit and receive signals over the same strand of fiber
Coarse Wavelength Division Multiplexing (CWDM)
supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.
Dense Wavelength Division Multiplexing (DWDM)
provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between each channel and requires more precise and expensive lasers.
point-to-point WDM topology
each transceiver is cabled to a multiplexer/demultiplexer (mux/demux). The single fiber strand is run to a mux/demux at the other site.
optical add/drop multiplexers (OADM)
can insert and remove signals for a particular wavelength channel on a ring topology
repeater
overcomes the distance limitation by boosting the signal at some point along the cable run
works at the physical layer 1
media converter
used to transition from one cable type to another
The following media conversions are typical:
Single mode fiber to twisted pair—These powered converters change light signals from SMF cabling into electrical signals carried over a copper wire Ethernet network (and vice versa).
Multimode fiber to twisted pair—A different media converter model is required to convert the light signals carried over MMF media.
Single mode to multimode fiber—These passive (unpowered) devices convert between the two fiber cabling types.
hub
each end system node is wired to a central intermediate system
All node interfaces are half-duplex, using the CSMA/CD protocol, and the media bandwidth (10 Mbps or 100 Mbps) is shared between all nodes.
bridges
An Ethernet bridge works at the data link layer (layer 2) to establish separate physical network segments while keeping all nodes in the same logical network. This reduces the number of collisions caused by having too many nodes contending for access.
Layer 2 switch
performs the same sort of function as a bridge, but in a more granular way and for many more ports than are supported by bridges. Each switch port is a separate collision domain. Gigabit Ethernet and Ethernet 10 GbE cannot be deployed without using switches.
microsegmentation
the switch establishes a point-to-point link between any two network nodes
header fields in an Ethernet frame:
Preamble | SFD | Destination MAC | Source MAC | Ether Type |Payload | FCS
the preamble and SFD in an ethernet frame are used for:
clock synchronization and as part of the CSMA/CD protocol to identify collisions early.
Cyclic Redundancy Check (CRC) or Frame Check Sequence (FCS)
error checking field contains a 32-bit (4-byte) checksum
A MAC/EUI address
48 bit (6 byte) identifier
I/G bit
The I/G bit of a MAC address determines whether the frame is addressed to an individual node (0) or a group (1).
Address Resolution Protocol (ARP)
determine which MAC address is associated with an IP address on the local network
Internet Control Message Protocol (ICMP)
used to report errors and send messages about the delivery of a packet
ping
utility sends a configurable number and size of ICMP request packets to a destination host
INCORRECT DNS ISSUES
If you can successfully perform all connectivity tests by IP address but cannot ping by host name, then this suggests a name resolution problem.
routing table
stores info about the location of other IP networks and hosts
The following main parameters define a routing entry:
Protocol - source of the route
Destination - the most specific destination prefix (longest mask) will be selected as the forwarding path if there is more than one match
Interface - used to forward a packet along the chosen route can be represented as IP address of interface or layer 2 interface ID
Gateway/next hop - IP address of next router along the path to destination
directly connected routes
IP network or subnet for each active router interface is automatically added to the routing table
static routes
manually added to the routing table and only changes if edited by the administrator
default route
special type of static route that identifies the next hop router for a destination that cannot be matched by another routing entry
destination address 0.0.0.0/0 (IPv4) or ::/0 (IPv6) is used to represent default route
If the packet can be delivered to a directly connected network via an Ethernet interface, the router uses ______ or ______ to determine the interface address of the destination host.
ARP (IPv4) or Neighbor Discovery (ND in IPv6)
If the packet can be forwarded via a gateway over an Ethernet interface, it ___________________ into the new frame.
inserts the next hop router’s MAC address
If the packet can be forwarded via a gateway over another type of interface (leased line or DSL, for instance), _______________ in an appropriate frame type.
the router encapsulates the packet
If the destination address cannot be matched to a route entry, the packet is either ________________________________________.
forwarded via the default route or dropped (and the source host is notified that it was undeliverable).
hop count
each router along a packet’s path counts as one hop
Time To Live (TTL)
number of seconds a packet can stay on the network without being discarded; when TTL reaches 0 the packet is discarded, to prevent badly addressed packets from permanently circulating the network
fragmentation IPv4 vs IPv6
In IPv4, the ID, flags, and fragment offset IP header fields are used to record the sequence in which the packets were sent and whether the IP datagram has been split between frames
IPv6 does not allow routers to perform fragmentation. The host performs path MTU discovery to learn the smallest MTU on the path and crafts IP datagrams that will fit it.
Dynamic routing protocol
uses an algorithm and metrics to build and maintain a routing information base
Learned route
A route that was communicated to a router by another router
Distance vector
Algorithm used by routing protocols that select a forwarding path based on the next hop router with the lowest hop count to the destination network.
Convergence
Process whereby routers running dynamic algorithms agree on the network topology
Autonomous system number
A network under the administrative control of a single owner
Interior Gateway Protocol IGP
Identifies routes within an AS
Exterior Gateway Protocol
advertises routes between autonomous systems; replaced by BGP
Routing Information Protocol RIP
Distance Vector
IGP
UDP (port 520 or 521)
highest AD
Enhanced Interior Gateway Routing Protocol (EIGRP)
Distance Vector/Hybrid
IGP
Native IP (88)
uses bandwidth and delay as default elements
sends updates when it first establishes contact with the network and when the topology changes, using multicast addressing
Open Shortest Path First (OSPF)
Link State
suited for large organizations with multiple redundant paths between networks
Hierarchical
IGP
Native IP (89)
Border Gateway Protocol BGP
Path Vector
EGP
TCP (port 179)
allows comms with routers in separate autonomous systems
BGP within AS referred to as IBGP
BGP between AS referred to as EBGP
to help prevent looping, the maximum hop count allowed in RIP is
15
RIP Versions
RIPv1
RIPv2
RIPng (next generation)
RIPv1
classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520
RIPv2
supports classless addressing, authentication, and uses more efficient multicast transmissions over UDP port 520.
RIPng
version of protocol designed for IPv6 uses UDP port 521
maximum hop count allowed in EIGRP is
255
link state vs distance vector algorithm
link state uses a topology table of the whole network to select routes vs distance vector chooses the closest router and selects its route that way
link state more expensive than distance vector
Network Layer Reachability Information (NLRI)
classless network prefixes that BGP works with
Classless Inter-Domain Routing (CIDR)
CIDR, also known as "supernetting", uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within that network
Variable Length Subnet Masking (VLSM)
allows ranges of IP addresses to be allocated to subnets so that they match the predicted need for numbers of subnets and hosts per subnet more closely
edge routers
placed at the network perimeter
provides access to the internet
can do framing to repackage data from WAN to private LAN
internal routers
no public interface
designed to implement required network topology
subinterfaces/ virtual interface
configuring a router's physical interface with multiple virtual interfaces, each connected to a separate virtual LAN (VLAN) ID over a trunk
Layer 3 Switch
optimized for routing between VLANs
can use static and dynamic routing to identify which VLAN an IP address should be forwarded to
route command
used to view and modify the routing table of end system
traceroute tool (linux)
allows you to test the path between two nodes with a view to isolating the node or link that is causing the issue
uses UDP probe by default
tracert command (windows)
uses ICMP echo request probes by default
allows you to test the path between two nodes with a view to isolating the node or link that is causing the issue
optical link budget
the amount of loss suffered by all components along a fiber transmission path calculated by using attenuation, connectors, and splices.
client server vs peer to peer networks
client-server: some nodes act as clients, and the servers are more powerful computers; peer to peer: each end system acts as both client and server
Local Area Network (LAN)
confined to a single geographic location
Campus Area Network (CAN)
LAN that spans multiple nearby buildings
datacenter
network hosts only servers and storage
Wireless Local Area Network (WLAN)
LANs based on Wi-Fi
public WLANs are referred to as hotspots
Wide Area Network (WAN)
network of networks connected by long distance links
Metropolitan Area Network (MAN)
smaller than a WAN; a city-wide network encompassing multiple buildings
Personal Area Network (PAN)
a person might establish a close range network between devices such as phones, tablets, headsets, and printers
network topology
describes the physical or logical structure of the network in terms of nodes and links
physical network topology
describes placement of nodes and how connected by the network media
logical network topology
flow of data through network
point to point link
single link established between two nodes
can be physical or logical topology
star topology
each endpoint is connected to a central forwarding node such as a hub, switch, or router
hub and spoke topology
Network connectivity between multiple virtual private clouds where one virtual private cloud (VPC) acts as a hub and the other VPCs are peered with it but not with each other.
mesh topology
commonly used in WAN
each device has point to point link with every other device on the network
excellent redundancy
partial mesh networks
provisioning so many interfaces and links can be difficult, so in a partial mesh nodes can forward packets to a destination by learning the network topology
packets can take multiple routes through network
ring topology
each node is wired to its neighbor in a closed loop
bus topology
all nodes attached directly to a single segment
a fault on the cable means nodes are unable to communicate
hybrid topology
mixture of 2 or more topologies
hierarchical star
also known as tree topology
corporate networks are often designed as a hierarchical star
three tiered network hierarchy
access, distribution, and core
access or edge layer
allows end-user devices, such as computers, printers, and smartphones, to connect to the network
distribution/aggregation layer
provides fault tolerant interconnections between different access blocks and either the core or other distribution blocks
application specific integrated circuit (ASIC)
while a router uses a generic processor and firmware to process incoming packets, a layer 3 switch uses an ASIC
core layer
provides a highly available backbone
provides redundant traffic paths
spanning tree protocol (STP)
means for bridges or switches to organize themselves into a hierarchy
operates by default if supported by switch
root port
port that forwards up to the root via intermediate switches
designated port
port that can forward traffic down through the network with the least cost
blocking or non designated port
a port that would otherwise create a loop
rapid spanning tree protocol (RSTP)
creates outages of a few seconds or less
blocking, listening, and disabled states are aggregated into a discarding state
switching loop
where flooded frames circulate the network perpetually
broadcast storm
traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches
If a broadcast storm occurs on a network where STP is enabled, investigate the potential causes:
Verify compatible versions of STP are enabled on all switches.
Verify the physical config of segments that use the legacy equipment, such as ethernet hubs.
Investigate networking devices in the user environment and verify that they are not connected as part of a loop. Typical sources of problems include unmanaged desktop switches and VoIP handsets.
TCP
Transmission Control Protocol provides guaranteed comms using acknowledgements to ensure delivery.
Unicast only
Main Fields of a TCP segment are:
Source Port, Destination Port, Sequence Number, Ack Number, Data Length, Flags, Window, Checksum, Urgent Pointer, Options
TCP three-way handshake
SYN, SYN-ACK, ACK
TCP Connection Teardown
FIN, ACK, ACK
How to observe TCP connections
use netstat tool
User Datagram Protocol (UDP)
nonguaranteed method of comms with no ack or flow control
use with multicast and broadcast
structure of UDP datagram
Source Port, Destination Port, Message Length, Checksum
UDP vs TCP header size
UDP header is 8 bytes; TCP header is 20 bytes or more
IP scanner
tool that performs host discovery and can establish the overall logical topology of the network in terms of subnets and routers
nmap
used for IP scanning
netstat
allows you to check the state of ports on the local host
port scanner
utility that can probe a host to enumerate the status of TCP and UDP ports
protocol analyzer
utility that can parse the header and payloads of protocols in captured frames for display and analysis
DHCP
automatic method of assigning IP addresses to hosts
scope
range of addresses and options configured for a single subnet
reservation
mapping of a MAC address or interface ID to a specific IP address within the DHCP server’s address pool
DHCP relay
agent configured to provide forwarding of DHCP traffic between subnets
IP helper
can be configured on routers to allow set types of broadcast traffic to be forwarded to an interface
SLAAC
IPv6 stateless address autoconfiguration; can locate routers and generate a host address with a suitable network prefix automatically
ff02::1:2
used to discover a DHCP server
host name
assigned to a computer by administrator unique on the local network
fully qualified domain name
provides a unique identity for the host belonging to a particular network
domain name system (DNS)
global hierarchy of distributed name server databases that contain information on domains and hosts within those domains
iterative lookups
DNS query type whereby a server responds with information from its own data store only
recursive lookup
DNS query type whereby a server submits additional queries to other servers to obtain the requested information
resource records
allows DNS name server to resolve queries for names and services hosted in the domain into IP addresses
authoritative name server
DNS server designated by a name server record for the domain that holds a complete copy of zone records
forward lookup vs reverse lookup zones
forward lookup zones can contain records listed previously
a reverse DNS query returns the host name associated with a given IP address; the info is stored as a PTR record
Sender Policy Framework (SPF) and DomainKeys Identified Email (DKIM)
used to validate the origin of email and reject spam; configured in DNS as TXT records
primary DNS zones
zone records held on the server are editable
secondary DNS zones
server holds a read only copy of the zone
cache-only DNS
doesn't maintain a zone
authoritative DNS
holds complete records for a domain
DNS spoofing
attacker is able to supply a false name resolution to clients
internal DNS
domains used on the private network only
external DNS
records that internet clients must be able to access
nslookup
cross-platform command tool for querying DNS resource records
dig
domain information groper is a utility to query a DNS and return info about a particular domain name
recursive DNS lookup
if the queried server is not authoritative, it takes on the task of querying other name servers until it finds the requested record or times out
iterative DNS lookup
a name server responds to a query with either the requested record or the address of a name server at a lower level in the hierarchy that is authoritative for the namespace