ch 6 - Topic D - 1.1 + 1.8 + 5.2
IPAM additional functions
- provides analysis tools for the admin - e.g. to identify an overloaded DHCP scope - or to find a free public IP address - the address-usage log also supports incident response and forensics (which host held which address at a given time)
secondary zone
- read-only copy of a zone - maintained through a replication process called 'zone transfer' (AXFR full, IXFR incremental) - from the zone master (primary zone) - provided by two or more separate servers (for fault tolerance and load balancing) - zone transfers should be restricted to the known secondaries, otherwise anyone can dump the whole zone
external zone
- records that internet clients must be able to access - the name servers holding these records must be reachable from the internet ex. web and email services on the domain
forwarder
- sends client queries to another DNS server - and relays the replies back to the client - a 'conditional forwarder' does this for specified domains only ex. a DNS server that is authoritative for the local network but forwards all other requests to an external resolver run by the ISP
SPF record
- Sender Policy Framework - published as a TXT record on the domain - lists the IP addresses or host names of the servers authorized to send mail for the domain - a receiving server checks the connecting sender's IP against it - used to reject or flag spam and spoofed mail
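As an added example (Python, not from the course notes): a small SPF evaluator that parses the `v=spf1` string published in the domain's TXT record and checks a connecting sender's IP against the ip4/ip6 mechanisms and the final `all` qualifier. The record and sender addresses are constructed; terms that need DNS lookups (a, mx, include, exists, redirect=) are skipped here and a real checker must resolve them.

```python
import ipaddress
from typing import List, Tuple

# Constructed SPF policy as it would be published in the domain's TXT record
# (example data, not any real domain's record).
EXAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 ip6:2001:db8::/32 -all"

# SPF qualifiers and the results they produce (RFC 7208 section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> List[Tuple[str, str, str]]:
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                        # default qualifier is '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")   # 'ip6:2001:db8::/32' splits at the first ':'
        parsed.append((qualifier, mech.lower(), value))
    return parsed


def check_host(record: str, sender_ip: str) -> str:
    """Evaluate sender_ip against the record; return pass/fail/softfail/neutral.

    Only ip4, ip6 and all are evaluated here (offline). Terms that require DNS
    lookups (a, mx, include, exists, redirect=) are skipped; a real checker must
    resolve them. A record that matches nothing yields 'neutral' (RFC 7208 4.7).
    """
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mech, value in parse_spf(record):
        if mech == "all":                      # 'all' always matches: end of evaluation
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for sender in ("192.0.2.77", "198.51.100.7", "2001:db8:1::1", "203.0.113.5"):
        print(sender, "->", check_host(EXAMPLE_SPF, sender))
```

Note the difference between `-all` (fail: reject or quarantine) and `~all` (softfail: accept but mark); a record with no `all` term at all yields neutral for unknown senders, which is effectively no protection.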
cache only server
- servers that do not maintain any zone (primary or secondary) - answer only from cache or by recursing on the client's behalf
SOA
- start of authority - identifies the primary DNS name server that is authoritative for the zone - also includes the admin contact (mailbox) for the zone - the serial number (version control: a secondary transfers the zone only when the primary's serial is newer) - and the refresh/retry/expire timers that govern when secondaries check for changes
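An added example (Python, not part of the notes) of the check a secondary zone performs at each SOA refresh, covering the secondary zone and SOA entries above: the serial is a 32-bit counter that wraps, so RFC 1982 serial number arithmetic rather than a plain integer comparison decides whether the primary's copy is newer. The serial values are constructed.

```python
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS           # serials wrap modulo 2**32
HALF = 1 << (SERIAL_BITS - 1)    # comparison is only defined for values less than 2**31 apart


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 serial number arithmetic.

    a is newer when it is ahead of b by less than 2**31, counting with wrap-around.
    A difference of exactly 2**31 is undefined in RFC 1982; it is treated as
    'not newer' here so a secondary never transfers on an ambiguous serial.
    """
    a %= MOD
    b %= MOD
    if a == b:
        return False
    return (a > b and a - b < HALF) or (a < b and b - a > HALF)


def secondary_should_transfer(secondary_serial: int, primary_serial: int) -> bool:
    """Decision a secondary makes at each SOA refresh: transfer only if the primary is newer."""
    return serial_gt(primary_serial, secondary_serial)


def increment_serial(current: int) -> int:
    """Bump the serial after editing the primary zone, wrapping at 2**32.

    Forgetting this step is the classic reason secondaries keep serving stale data.
    """
    return (current + 1) % MOD


if __name__ == "__main__":
    # Constructed serials: date-style values, plus the wrap-around edge case.
    print(secondary_should_transfer(2024010101, 2024010102))   # True
    print(secondary_should_transfer(2024010102, 2024010101))   # False
    print(secondary_should_transfer(MOD - 10, 5))              # True: 5 is 15 steps past MOD-10
```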
SRV record
- identifies a host providing a particular network service or protocol (record name has the form _service._proto.domain, e.g. _sip._tcp.example.com) - often used to locate VoIP (SIP) and media servers - also used by Windows AD (clients use it to locate a DC) - each record carries a priority value (like MX preference), a weight for load balancing among equal priorities, and the port number
TXT record
- used to store free-form text that may be needed to support network services - a single domain may have many TXT records - commonly used to carry SPF policies and DKIM public keys
DNS service
- Windows AD and most Linux networks require a DNS service
powershell name resolution
- Windows PowerShell uses cmdlets - can test DNS name resolution and change settings - 'Resolve-DnsName' (more flexible than nslookup, e.g. Resolve-DnsName -Name google.com -Type MX -Server 8.8.8.8)
forward lookup zone
- zone in a DNS server - contains most of the records searched for - returns the IP address for a given name record
primary zone
- the master (read/write) copy of a zone - records are edited here and replicated to the secondary zones via zone transfer
NS record
- name server record - identifies a DNS name server that is authoritative for the zone (both the primary and the secondaries are listed) - most enterprise networks have several DNS servers (at least two) - each with a copy of the zone (two or more NS records configured for redundancy)
authoritative server
- name server that holds the complete records for a domain - resolves names from its own zone data rather than from cache - both primary and secondary name servers are authoritative - primary and secondary servers together maintain the authoritative zone records for the domain
AAAA record
- performs the same function as an A record - but resolves a host name to an IPv6 address
DNS servers : zones
- the DNS namespace is maintained in zones - a name server can host both primary and secondary zones
DNS on local network
- DNS also resolves the IP addresses of hosts on the local network - can be an issue (DHCP-assigned IP addresses can change) - resolved by dynamic DNS
nslookup command
- DNS troubleshooting tool - uses an FQDN to look up an IP address - can also use an IP address to look up a host name - syntax: nslookup -option host server - option is a switch (e.g. -type=mx) - host can be a host/domain/FQDN name or an IP address - server is the DNS server to query ex. nslookup -type=mx google.com 8.8.8.8 - nslookup without any arguments starts in interactive mode - a reply served from a resolver's cache is labelled 'Non-authoritative answer'
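As an added example (Python, not from the notes): the wire format nslookup and dig speak. `build_query` produces the message that `nslookup -type=mx` sends, and `parse_response` reads a reply's header flags (the AA bit being clear is what nslookup reports as 'Non-authoritative answer') and its question and answer sections, handling RFC 1035 name compression. The reply bytes are constructed for example.com, not captured from a real server.

```python
import random
import struct

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
TYPE_NAMES = {v: k for k, v in TYPES.items()}


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def build_query(name: str, qtype: str, txid: int = None, recursion_desired: bool = True) -> bytes:
    """Build the query a stub resolver (nslookup, dig) sends: 12-byte header + one question."""
    txid = random.randrange(0x10000) if txid is None else txid
    flags = 0x0100 if recursion_desired else 0                 # RD bit: ask the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1, no other sections
    return header + encode_name(name) + struct.pack("!HH", TYPES[qtype], 1)  # QCLASS 1 = IN


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name at offset; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                             # 2-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            end = offset + 2 if end is None else end            # name's own bytes end after first pointer
            hops += 1
            if hops > 64:                                       # guard against pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg: bytes) -> dict:
    """Parse the header flags, question and answer sections of a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    info = {
        "id": txid,
        "is_response": bool(flags & 0x8000),                    # QR
        "authoritative": bool(flags & 0x0400),                  # AA clear => 'Non-authoritative answer'
        "truncated": bool(flags & 0x0200),                      # TC: retry the query over TCP
        "recursion_available": bool(flags & 0x0080),            # RA
        "rcode": flags & 0x000F,                                # 0 NOERROR, 3 NXDOMAIN, ...
        "questions": [], "answers": [],
    }
    offset = 12
    for _ in range(qdcount):
        qname, offset = read_name(msg, offset)
        qtype, _ = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        info["questions"].append((qname, TYPE_NAMES.get(qtype, qtype)))
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == TYPES["MX"]:                                # RDATA: 16-bit preference + exchange name
            value = (struct.unpack("!H", rdata[:2])[0], read_name(msg, offset + 2)[0])
        elif rtype == TYPES["A"]:
            value = ".".join(str(b) for b in rdata)
        else:
            value = rdata
        offset += rdlen
        info["answers"].append((name, TYPE_NAMES.get(rtype, rtype), ttl, value))
    return info


def constructed_mx_response(txid: int) -> bytes:
    """Constructed (not captured) reply a caching resolver might return to an MX query for example.com."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)  # QR=1 RD=1 RA=1 AA=0, 2 answers
    question = encode_name("example.com") + struct.pack("!HH", TYPES["MX"], 1)
    qname_ptr = b"\xc0\x0c"                                     # pointer to the question name at offset 12

    def mx_rr(pref: int, host_label: str) -> bytes:
        # exchange '<label>.example.com' encoded as one label plus a pointer to 'example.com'
        rdata = struct.pack("!H", pref) + encode_name(host_label)[:-1] + qname_ptr
        return qname_ptr + struct.pack("!HHIH", TYPES["MX"], 1, 300, len(rdata)) + rdata

    return header + question + mx_rr(10, "mail1") + mx_rr(20, "mail2")


if __name__ == "__main__":
    print(build_query("example.com", "MX", txid=0x1234).hex())
    print(parse_response(constructed_mx_response(0x1234)))
```

The 16-bit transaction ID plus the randomized source port are all that binds a reply to a query, which is why resolvers that reuse IDs or ports are open to cache poisoning; the `hops` guard in `read_name` is the kind of check a parser needs against replies crafted to loop.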
DNSSEC
- Domain Name System Security Extensions - provides origin authentication and integrity for DNS data - the zone's record sets are signed with the zone's private key (RRSIG records) - validating resolvers check the signatures against the published DNSKEY and follow a chain of trust via DS records up to the root - does not encrypt queries or provide confidentiality (that is DNS over TLS/HTTPS)
IPAM
- IP address management - an enterprise or ISP has to manage hundreds or thousands of IPv4/IPv6 networks and subnets - IPAM scans the DHCP and DNS servers - and logs IP address usage to a database - some IPAM software can also scan the hardware associated with an IP address (device fingerprinting) - and save the info into an asset inventory
resource records
- allow a DNS server to resolve names and services into IP addresses - can be created and updated manually (static) - or dynamically (based on info from clients and servers on the network) - a DNS zone contains numerous resource records
dynamic DNS
- allows individual clients or the DHCP server to notify the DNS server when an IP address changes - a Windows client can force this with 'ipconfig /registerdns' - the DNS server updates the A and PTR records - ensuring the host name resolves to the new IP address - updates should be authenticated (secure dynamic update in AD), otherwise any host on the network can overwrite another host's record
A record
- also called a host address record - resolves a host name to an IPv4 address - most common type of record in a DNS zone
forwarding
- alternative to, or supplement for, recursion - queries the server cannot answer itself are passed to a forwarder, which resolves them on its behalf
3rd party DNS
- another organization hosts your DNS records - usually for the external domain rather than the internal one - the hosting service must be available and reliable - often cloud-based servers are used
non authoritative answer
- answer from a server that holds a cached copy of the record - not from the original records in the zone - the normal result from a recursive resolver (nslookup labels it 'Non-authoritative answer')
DNS resolver
- caching servers - perform (recursive) queries on behalf of clients and cache the results
CNAME record
- canonical name record (alias) - a type of DNS resource record - maps one name to another (the canonical) name, which is then resolved via its own A/AAAA record - convenient when running multiple services from a single host/IP address - the alias can be repointed to a different host temporarily (e.g. during maintenance)
3rd party DNS : ISP
- companies and home customers depend on the ISP's DNS to resolve client queries - possible to configure clients with any trusted DNS resolver instead
reverse lookup zone
- contains PTR (pointer) records - a PTR resolves an IP address to a host name - named under in-addr.arpa (IPv4) or ip6.arpa (IPv6)
dig
- domain information groper - command-line tool - primarily on Linux/UNIX - ships with the BIND software published by ISC but can query any DNS server - shows the full response including the header flags (aa, rd, ra) and the answer/authority/additional sections ex. dig @8.8.8.8 google.com MX
DKIM record
- DomainKeys Identified Mail - also used to detect spam and mail spoofing - the sending server signs selected headers and the body with the domain's private key and adds the signature in a DKIM-Signature header - the receiver fetches the domain's public key from a TXT record (selector._domainkey.domain) and verifies the signature, proving the mail came from the domain and was not modified in transit
internal DNS zone
- domain used on the private network only - name records are available only to internal clients - name servers holding internal records should not be accessible from the internet ex. an Active Directory network
recursive query
- when a server is not authoritative for the requested domain it either locates the authoritative name server itself (iterating from the root and TLD servers) or forwards the request to another name server - companies must provide this resolution so their clients can contact other domains
MX record
- mail exchanger record - identifies the email server(s) for a domain - each mail server that accepts mail for the domain has an MX record (not every server on the network) - each record has a preference value (lowest number preferred; equal values are tried in random order)
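An added example (Python, not from the notes) covering both the MX preference rule above and the SRV priority/weight rule from the SRV record entry: `mx_delivery_order` orders exchanges the way a sending MTA tries them, and `srv_select` implements the RFC 2782 selection (lowest priority first, weighted random within a priority). All records are constructed for example.com.

```python
import random
from collections import Counter, defaultdict

# Constructed records for example.com (not from a real zone).
MX_RECORDS = [("mx2.example.com", 20), ("mx1.example.com", 10), ("mx3.example.com", 20)]  # (exchange, preference)
SRV_RECORDS = [  # (priority, weight, port, target) as published under _sip._tcp.example.com
    (10, 60, 5060, "sip1.example.com"),
    (10, 20, 5060, "sip2.example.com"),
    (10, 20, 5060, "sip3.example.com"),
    (20, 0, 5060, "sip-backup.example.com"),
]


def mx_delivery_order(records, seed=None):
    """Exchanges in the order a sending MTA tries them: lowest preference first,
    equal preferences in random order (RFC 5321 section 5.1)."""
    rng = random.Random(seed)
    by_pref = defaultdict(list)
    for exchange, pref in records:
        by_pref[pref].append(exchange)
    ordered = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        ordered.extend(group)
    return ordered


def _srv_select(records, rng):
    """(target, port) pairs in the order a client should try them (RFC 2782):
    lowest priority first; within a priority, weighted random so that a target
    with weight 60 is picked first about 3x as often as one with weight 20."""
    by_prio = defaultdict(list)
    for prio, weight, port, target in records:
        if target == ".":                      # RFC 2782: service decidedly not available
            continue
        by_prio[prio].append((weight, port, target))
    ordered = []
    for prio in sorted(by_prio):
        pool = sorted(by_prio[prio], key=lambda r: r[0] != 0)   # weight-0 entries go first
        while pool:
            pick = rng.randint(0, sum(r[0] for r in pool))
            running = 0
            for i, (weight, port, target) in enumerate(pool):
                running += weight
                if running >= pick:            # first record whose running sum reaches the pick
                    ordered.append((target, port))
                    del pool[i]
                    break
    return ordered


def srv_select(records, seed=None):
    """Single RFC 2782 selection; seed makes the weighted choice reproducible."""
    return _srv_select(records, random.Random(seed))


def first_pick_counts(records, trials, seed=None):
    """How often each SRV target is tried first over many selections (to check the weighting)."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(trials):
        counts[_srv_select(records, rng)[0][0]] += 1
    return counts


if __name__ == "__main__":
    print(mx_delivery_order(MX_RECORDS, seed=0))
    print(srv_select(SRV_RECORDS, seed=0))
    print(first_pick_counts(SRV_RECORDS, 1000, seed=1))
```

A weight of 0 means "use only if nothing else in this priority is available", and a target of "." is the published way to say the service does not exist; both are edge cases a client library has to honour.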