Session 4 Tp 4

Published in: Technology

  1. Session 4 DNS Network Design
  2. Review
       • Dynamic host configuration protocol (DHCP) automates the allocation of IP addresses, the subnet mask, the default gateway and the WINS server.
       • The DHCP servers supply IP addresses to requesting DHCP clients
       • The DHCP process takes place in four phases, namely:
           • IP lease request
           • IP lease offer
           • IP lease selection
           • IP lease acknowledgement
       • DHCP service can be designed for:
           • LAN
           • Routed Networks
           • Non-Microsoft clients
  3. Review Contd…
       • DHCP can be secured by stopping rogue servers and using firewalls
       • One DHCP server can support thousands of DHCP clients in a local area network
       • DHCP client uses the dynamic host communication protocol to communicate with the DHCP relay agent
       • DHCP relay agent sends unicast packets to the DHCP server
  4. Objectives
       • Explain DNS and its features
       • Identify the requirements for a DNS design
       • Identify methods to secure the DNS Network
       • Identify methods to increase DNS performance and availability
  5. Domain Name System
       • Used for conversion of Web addresses to IP addresses and IP addresses to Web addresses
       • TCP/IP is the protocol mainly used for communication over the Internet
       • Data is passed between computers in the form of datagrams
       • The process of conversion of Web addresses to IP addresses is called name resolution
       • Reverse name resolution is the process of conversion of IP addresses to Web addresses
  6. Domain Name System Contd…
       • The two types of requests that DNS servers accept are:
           • Iterative Queries
           • Recursive Queries
       • The naming scheme in DNS is a hierarchical structure called the DNS namespace
       • The DNS namespace consists of a root domain with several sub-domains under it
       • DNS can be integrated with the following services:
           • DHCP
           • WINS
           • Active Directory
  7. DNS Network Design - Zones
       • Refers to a portion of the DNS namespace that is contiguous
       • Formation of zones makes name resolution easier
       • Consists of single or multiple domains that contain sub-domains under them
       • Every zone in the DNS namespace contains a database that contains resource records of the domains in the zone
       • Three types of zones in DNS server are:
           • Primary Zone
           • Secondary Zone
           • Stub Zone
  8. Creating Zones
       • We can create zones using the New Zone Wizard
       • Select Action → New Zone to start the New Zone Wizard
  9. Resource Records
       • A resource record contains the names and IP addresses of the computers in a zone
       • Resource records can be created in a zone
       • To create a resource record, select New Host (A) from the Action menu in the DNS console
  10. Domains
       • Second-level domains have to be registered
       • Naming conventions for domains are:
           • Use short and easy names
           • Keep the number of levels to five or less
           • Avoid usage of shortened names that are not readable
       • Advantages of multiple DNS servers on a network are:
           • Division of load amongst various DNS servers
           • Improvement of performance
           • Reduction of the risk of failure
           • Reduction of traffic arising out of unmanageable load on a single DNS server
  11. Types of DNS Servers
       • Two types of DNS servers are:
           • Forwarders – Receive name resolution requests from other DNS servers
           • Caching-Only servers – Contain only cached requests and do not contain zones
  12. Active Directory Integrated zones
       • Provide read/write multi master copies of the zones
       • Secure the dynamically updated DNS zones automatically
       • Considered as traditional DNS servers by BIND DNS servers
       • Traditional zones contain a single primary zone
  13. Server Location
       • DNS server location is based on the type of DNS zone used
       • The types of zones are:
           • Active Directory integrated
           • Primary
           • Secondary
           • Delegated domain
  14. Security Threats to a DNS Server
       • Flooding the DNS with an unmanageable amount of requests
       • Forwarding DNS requests from a DNS server to another DNS server that is under the control of an attacker
       • Intercepting DNS traffic on the network to gain IP addresses which are then used to gain access to protected information
       [Diagram labels: DNS Server Requests, DNS Server-I, DNS Server-II, Attacker sending request, Attacker diverted]
  15. Secure Dynamic Updates
       • Receives the IP address of DNS clients when the DNS server starts up
  16. Limiting Interface
       • Reduces the number of network interfaces from which a DNS server can receive requests
  17. Securing Zone Transfer
       • Limits the number of servers that can take part in zone transfers
  18. Protecting a DNS Server
       • Prevents attackers from filling incorrect or unrelated information in a DNS server cache
  19. DNS Network Performance
       • The performance of a DNS server is evaluated in terms of its response time
       • To improve DNS performance:
           • Use upgraded hardware
           • Reduce query resolution time by using multiple DNS servers
           • Reduce network congestion caused by replication
  20. Summary
       • DNS servers convert Web addresses to IP addresses and IP addresses to Web addresses
       • Name resolution is the process of conversion of Web addresses to IP addresses
       • Reverse name resolution is the process of conversion of IP addresses to Web addresses
       • DNS servers accept iterative and recursive queries
       • A zone is a contiguous part of the DNS namespace
       • Consists of single or multiple domains that contain sub-domains under them
  21. Summary Contd…
       • Resource records are part of zonal databases that contain Web addresses and their equivalent IP addresses
       • Multiple DNS servers are useful for division of load amongst various DNS servers
       • Two types of DNS servers are:
           • Forwarders
           • Caching-Only servers
       • Active Directory integrated zones secure the dynamically updated DNS zones automatically
  22. Summary Contd…
       • Security threats to a DNS server include:
           • Flooding the DNS with requests
           • Forwarding DNS requests to a DNS server under the control of an attacker
           • Intercepting DNS traffic
       • Secure dynamic updates receive the IP address of DNS clients when the DNS server starts up
       • Limiting interface reduces the number of network interfaces from which a DNS server can receive requests
       • Securing zone transfer limits the number of servers that can take part in zone transfers
       • The performance of a DNS server is evaluated in terms of its response time
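
The four hardening measures on slides 15 to 18, applied to a Windows DNS server with the DnsServer PowerShell module. This is an added example, not part of the original deck; the zone name and IP addresses are constructed placeholders, and the zone is assumed to be an Active Directory integrated primary zone.

```powershell
# Added example. Run in an elevated session on the DNS server itself.
# All names and addresses below are constructed placeholders.
$zone        = 'corp.example.com'            # hypothetical AD-integrated primary zone
$listenOn    = @('10.0.0.10')                # the only interface that should answer DNS
$secondaries = @('10.0.0.11', '10.0.0.12')   # the only servers allowed to pull the zone

# Slide 15, secure dynamic updates: accept record updates only from
# authenticated clients (available for AD-integrated zones only).
Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate Secure

# Slide 16, limiting interface: by default the service listens on every
# IP address of the host; restrict it to the internal address.
$settings = Get-DnsServerSetting -All
$settings.ListeningIPAddress = $listenOn
Set-DnsServerSetting -InputObject $settings

# Slide 17, securing zone transfer: the weak setting is TransferAnyServer,
# which hands the full zone to any requester. Allow only the listed secondaries.
Set-DnsServerPrimaryZone -Name $zone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $secondaries

# Slide 18, protecting the cache: drop records in a response that do not
# belong to the domain that was queried.
Set-DnsServerCache -PollutionProtection $true

# Review the resulting configuration.
Get-DnsServerZone -Name $zone | Format-List *
(Get-DnsServerSetting -All).ListeningIPAddress
Get-DnsServerCache | Format-List *
```

After the change, a zone transfer request from a host outside `$secondaries` should be refused, which is worth confirming from a test machine before relying on the setting.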