Session 4 Tp 4
 

    Session 4 Tp 4 Presentation Transcript

    • Session 4 DNS Network Design
    • Review
      • Dynamic Host Configuration Protocol (DHCP) automates the allocation of IP addresses, the subnet mask, the default gateway and the WINS server.
      • The DHCP servers supply IP addresses to requesting DHCP clients
      • The DHCP process takes place in four phases, namely:
        • IP lease request
        • IP lease offer
        • IP lease selection
        • IP lease acknowledgement
      • DHCP service can be designed for:
        • LAN
        • Routed Networks
        • Non-Microsoft clients
    • Review Contd…
      • DHCP can be secured by stopping rogue servers and using firewalls
      • One DHCP server can support thousands of DHCP clients in a local area network
      • DHCP client uses the Dynamic Host Configuration Protocol to communicate with the DHCP relay agent
      • DHCP relay agent sends unicast packets to the DHCP server
    • Objectives
      • Explain DNS and its features
      • Identify the requirements for a DNS design
      • Identify methods to secure the DNS Network
      • Identify methods to increase DNS performance and availability
    • Domain Name System
      • Used for conversion of Web addresses to IP addresses and IP addresses to Web addresses
      • TCP/IP is the protocol mainly used for communication over the Internet
      • Data is passed between computers in the form of datagrams
      • The process of conversion of web addresses to IP addresses is called name resolution
      • Reverse name resolution is the process of conversion of IP addresses to web addresses
    • Domain Name System Contd…
      • The two types of requests that DNS servers accept are:
        • Iterative Queries
        • Recursive Queries
      • The naming scheme in DNS is a hierarchical structure called the DNS namespace
      • The DNS namespace consists of a root domain with several sub-domains under it
      • DNS can be integrated with the following services:
        • DHCP
        • WINS
        • Active Directory
    • DNS Network Design - Zones
      • Refers to a portion of the DNS namespace that is contiguous
      • Formation of zones makes name resolution easier
      • Consists of single or multiple domains that contain sub-domains under them
      • Every zone in the DNS namespace contains a database that contains resource records of the domains in the zone
      • Three types of zones in DNS server are:
        • Primary Zone
        • Secondary Zone
        • Stub Zone
    • Creating Zones
      • We can create zones using the New Zone Wizard
      • Select Action → New Zone to start the New Zone Wizard
    • Resource Records
      • A resource record contains the names and IP addresses of the computers in a zone
      • Resource records can be created in a zone
      • To create a resource record, select New Host (A) from the Action menu in the DNS console
    • Domains
      • Second-level domains have to be registered
      • Naming conventions for domains are:
        • Use short and easy names
        • Keep the number of levels to five or less
        • Avoid usage of shortened names that are not readable
      • Advantages of multiple DNS servers on a network are:
        • Division of load amongst various DNS servers
        • Improvement of performance
        • Reduction of the risk of failure
        • Reduction of traffic arising out of unmanageable load on a single DNS server
    • Types of DNS Servers
      • Two types of DNS servers are:
        • Forwarders – Receive name resolution requests from other DNS servers
        • Caching-Only servers – Contain only cached requests and do not contain zones
    • Active Directory Integrated zones
      • Provide read/write multi master copies of the zones
      • Secure the dynamically updated DNS zones automatically
      • Considered as traditional DNS servers by BIND DNS servers
      • Traditional zones contain a single primary zone
    • Server Location
      • DNS server location is based on the type of DNS zone used
      • The types of zones are:
        • Active Directory integrated
        • Primary
        • Secondary
        • Delegated domain
    • Security Threats to a DNS Server
      • Flooding the DNS with an unmanageable amount of requests
      • Forwarding DNS requests from a DNS server to another DNS server that is under the control of an attacker
      • Intercepting DNS traffic on the network to gain IP addresses which are then used to gain access to protected information
      [Figure: DNS Server Requests. Labels: DNS Server-I, DNS Server-II, Attacker, Sending request, Diverted]
    • Secure Dynamic Updates
      • Receives the IP address of DNS clients when the DNS server starts up
    • Limiting Interface
      • Reduces the number of network interfaces from which a DNS server can receive requests
    • Securing Zone Transfer
      • Limits the number of servers that can take part in zone transfers
    • Protecting a DNS Server
      • Prevents attackers from filling incorrect or unrelated information in a DNS server cache
    • DNS Network Performance
      • The performance of a DNS server is evaluated in terms of its response time
      • To improve DNS performance:
        • Use upgraded hardware
        • Reduce query resolution time by using multiple DNS servers
        • Reduce network congestion caused by replication
    • Summary
      • DNS servers convert Web addresses to IP addresses and IP addresses to Web addresses
      • Name resolution is the process of conversion of web addresses to IP addresses
      • Reverse name resolution is the process of conversion of IP addresses to web addresses
      • DNS servers accept iterative and recursive queries
      • A zone is a contiguous part of the DNS namespace
      • Consists of single or multiple domains that contain sub-domains under them
    • Summary Contd…
      • Resource records are part of zonal databases that contain web addresses and their equivalent IP addresses
      • Multiple DNS servers are useful for division of load amongst various DNS servers
      • Two types of DNS servers are:
        • Forwarders
        • Caching-Only servers
      • Active directory integrated zones secure the dynamically updated DNS zones automatically
    • Summary Contd…
      • Security threats to a DNS server include:
        • Flooding the DNS with requests
        • Forwarding DNS requests to a DNS server under the control of an attacker
        • Intercepting DNS traffic
      • Secure dynamic updates receive the IP address of DNS clients when the DNS server starts up
      • Limiting interface reduces the number of network interfaces from which a DNS server can receive requests
      • Securing zone transfer limits the number of servers that can take part in zone transfers
      • The performance of a DNS server is evaluated in terms of its response time
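
The four hardening slides above (Secure Dynamic Updates, Limiting Interface, Securing Zone Transfer, Protecting a DNS Server) map onto settings of the Windows DNS Server role. The script below is an added example, not part of the original presentation: it reports those settings with the DnsServer PowerShell module and tightens them only when `$Remediate` is set. The IP addresses are placeholder assumptions.

```powershell
# Added example: audit, and optionally tighten, Windows DNS Server settings.
Import-Module DnsServer

$AllowedSecondaries = @('192.0.2.53')  # assumption: the only secondary allowed to pull zones
$ListenAddresses    = @('192.0.2.10')  # assumption: the one interface that should answer DNS
$Remediate          = $false           # $true applies the changes instead of only reporting

$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

foreach ($z in $zones) {
    # Report the two per-zone settings the slides cover.
    [pscustomobject]@{
        Zone           = $z.ZoneName
        AdIntegrated   = $z.IsDsIntegrated
        DynamicUpdate  = $z.DynamicUpdate
        ZoneTransfer   = $z.SecureSecondaries
        NeedsAttention = ($z.DynamicUpdate -eq 'NonsecureAndSecure') -or
                         ($z.SecureSecondaries -eq 'TransferAnyServer')
    }
    if (-not $Remediate) { continue }

    # Securing zone transfer: only the listed secondaries may request the zone.
    Set-DnsServerPrimaryZone -Name $z.ZoneName `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $AllowedSecondaries

    # Secure dynamic updates are available only on Active Directory integrated zones.
    if ($z.IsDsIntegrated -and $z.DynamicUpdate -eq 'NonsecureAndSecure') {
        Set-DnsServerPrimaryZone -Name $z.ZoneName -DynamicUpdate Secure
    }
}

# Protecting a DNS server: cache pollution protection drops unrelated records from responses.
$cache = Get-DnsServerCache
Write-Output "Cache pollution protection enabled: $($cache.EnablePollutionProtection)"

# Limiting interface: which addresses the DNS service currently answers on.
$settings = Get-DnsServerSetting -All
Write-Output "Listening on: $($settings.ListeningIPAddress -join ', ')"

if ($Remediate) {
    Set-DnsServerCache -PollutionProtection $true
    $settings.ListeningIPAddress = $ListenAddresses
    Set-DnsServerSetting -InputObject $settings
}
```

File-backed primary zones that accept nonsecure updates are reported but left unchanged, because the `Secure` update mode requires an Active Directory integrated zone.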