SlideShare a Scribd company logo

Session 4 Tp 4

Download as PPT, PDF
G
githe26200

DNS servers convert web addresses to IP addresses and vice versa. A DNS zone is a contiguous portion of the DNS namespace containing domains and subdomains. Resource records within zonal databases contain address mappings. Using multiple DNS servers improves performance and availability through load balancing and redundancy. Threats to DNS servers include flooding, request hijacking, and traffic interception. Security measures involve restricting dynamic updates, network interfaces, and zone transfers.

Technology
1 of 22
Downloaded 47 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Session 4 DNS Network Design
Dynamic host configuration protocol (DHCP) automates the allocation of IP addresses, the subnet mask, the default gateway and the WINS server. The DHCP servers supply IP addresses to requesting DHCP clients The DHCP process takes place in four phases, namely: IP lease request IP lease offer IP lease selection IP lease acknowledgement DHCP service can be designed for: LAN Routed Networks Non-Microsoft clients Review
DHCP can be secured by stopping rogue servers and using firewalls One DHCP server can support thousands of DHCP clients in a local area network DHCP client uses the dynamic host communication protocol to communicate with the DHCP relay agent DHCP relay agent sends unicast packets to the DHCP server Review Contd…
Objectives Explain DNS and its features Identify the requirements for a DNS design Identify methods to secure the DNS Network Identify methods to increase DNS performance and availability
Domain Name System Used for conversion of Web addresses to IP addresses and IP addresses to Web addresses TCP/IP is the protocol mainly used for communication over the Internet Data is passed between computers in the form of datagrams The process of conversion of web addresses to IP addresses is called as name resolution Reverse name resolution is the process of conversion of IP addresses to web addresses
Domain Name System Contd… The two types of requests that DNS servers accept are: Iterative Queries Recursive Queries The naming scheme in DNS is a hierarchical structure called as the DNS namespace The DNS namespace consists of a root domain with several sub-domains under it DNS can be integrated with the following services: DHCP WINS Active Directory
DNS Network Design - Zones Refers to a portion of the DNS namespace that is contiguous Formation of zones makes name resolution easier Consists of single or multiple domains that contain sub-domains under them Every zone in the DNS namespace contains a database that contains resource records of the domains in the zone Three types of zones in DNS server are: Primary Zone Secondary Zone Stub Zone
Creating Zones We can create zones using the New Zone Wizard Select Action  New Zone to start the New Zone Wizard
Resource Records A resource record contains the names and IP addresses of the computer name in a zone Resource records can be created in a zone To create a resource record, select New Host (A) from the Action menu in the DNS console
Domains Second-level domains have to be registered Naming conventions for domains are: Use short and easy names Keep the number of levels to five or less Avoid usage of shortened names that are not readable Advantages of multiple DNS servers on a network are: Division of load amongst various DNS servers Improvement of performance Reduction of the risk of failure Reduction of traffic arising out of unmanageable load on a single DNS server
Types of DNS Servers Two types of DNS servers are: Forwarders – Receives name resolution requests from other DNS servers Caching-Only servers – Contains only cached requests and do not contain zones
Active Directory Integrated zones Provide read/write multi master copies of the zones Secure the dynamically updated DNS zones automatically Considered as traditional DNS servers by BIND DNS servers Traditional zones contain a single primary zone
Server Location DNS server location is based on the type of DNS zone used The types of zones are: Active Directory integrated Primary Secondary Delegated domain
Security Threats to a DNS Server Flooding the DNS with an unmanageable amount of requests Forwarding DNS requests from a DNS server to another DNS server that is under the control of an attacker Intercepting DNS traffic on the network to gain IP addresses which are then used to gain access to protected information DNS Server Requests DNS Server -I DNS Server -II Attacker Sending request Attacker Diverted
Secure Dynamic Updates Receives the IP address of DNS clients when the DNS server starts up
Limiting Interface Reduces the number of network interfaces from which a DNS server can receive requests
Securing Zone Transfer Limits the numbers of servers that can take part in a zone transfers
Protecting a DNS Server Prevents attackers from filling incorrect or unrelated information in a DNS server cache
DNS Network Performance The performance of a DNS server is evaluated in terms of its response time To improve DNS performance: Use upgraded hardware Reducing query resolution time by using multiple DNS servers Reducing network congestion caused by replication.
Summary DNS servers convert Web addresses to IP addresses and IP addresses to Web addresses Name resolution is the process of conversion of web addresses to IP addresses Reverse name resolution is the process of conversion of IP addresses to IP addresses DNS servers accept iterative and recursive queries A zone is a contiguous part of the DNS namespace Consists of single or multiple domains that contain sub-domains under them
Summary Contd… Resource records are part of zonal databases that contain web addresses and their equivalent IP address Multiple DNS servers are useful for d ivision of load amongst various DNS servers Two types of DNS servers are: Forwarders Caching-Only servers Active directory integrated zones secure the dynamically updated DNS zones automatically
Summary Contd… Security threats to a DNS server include: Flooding the DNS with requests Forwarding DNS requests to a DNS server under the control of an attacker Intercepting DNS traffic Secure dynamic updates r eceive the IP address of DNS clients when the DNS server starts up Limiting interface r educes the number of network interfaces from which a DNS server can receive requests Securing zone transfer limits the numbers of servers that can take part in a zone transfers The performance of a DNS server is evaluated in terms of its response time

More Related Content

PPTX
Dn sonly
vikram vivek
 
PPT
Chapter 06
cclay3
 
PPT
Linux15 dynamic dns-2
Jainul Musani
 
PPT
Dns
Sanoj Kumar
 
PPTX
main
Omar Faruk Sazib
 
PPTX
Implementing Domain Name
Napoleon NV
 
PPTX
Lecture 5- url-dns
Saman M. Almufti
 
PPTX
DDNS
praneetha523
 
Dn sonly
vikram vivek
 
Chapter 06
cclay3
 
Linux15 dynamic dns-2
Jainul Musani
 
Dns
Sanoj Kumar
 
main
Omar Faruk Sazib
 
Implementing Domain Name
Napoleon NV
 
Lecture 5- url-dns
Saman M. Almufti
 
DDNS
praneetha523
 

What's hot (20)

PPT
Chapter 4 configuring and managing the dns server role
Luis Garay
 
PPTX
Domain name system
mahakant sharma
 
PPTX
DNS Vulnerabilities
Mike Spaulding
 
PPS
Linux15 dynamic dns-2
Jainul Musani
 
PPS
Linux14 Dynamic DNS
Jainul Musani
 
PPTX
Dhcp, dns and proxy server (1)
Sahira Khan
 
PPS
Pmw2 k3ni 1-2b
hariclant1
 
PPT
Basic Lecture on Domains and Webhosting
Marie Claire Ponsaran
 
PPTX
7 understanding DNS
Hameda Hurmat
 
PPTX
Deploying and configuring dns service
latoniasmith
 
PPT
Common Network Services
ŐŔaṉģ Zaib
 
PDF
Domain Name System (DNS)
Venkatesh Jambulingam
 
PDF
Session 4.1 Roy Arends
Commonwealth Telecommunications Organisation
 
PPTX
06 coms 525 tcpip - dhcp and dns
Palanivel Kuppusamy
 
PPTX
DNS : The internet’s directory service
BalaSuresh AsaiThambi
 
PPT
Building Linux IPv6 DNS Server (Complete Presentation)
Hari
 
PPT
Screen Shots of Building Linux IPv6 DNS Server
Hari
 
PPTX
Domain name system (dns) , TELNET ,FTP, TFTP
saurav kumar
 
PPTX
15 Setup BIND 9
Hameda Hurmat
 
PDF
NFS(Network File System)
udamale
 
Chapter 4 configuring and managing the dns server role
Luis Garay
 
Domain name system
mahakant sharma
 
DNS Vulnerabilities
Mike Spaulding
 
Linux15 dynamic dns-2
Jainul Musani
 
Linux14 Dynamic DNS
Jainul Musani
 
Dhcp, dns and proxy server (1)
Sahira Khan
 
Pmw2 k3ni 1-2b
hariclant1
 
Basic Lecture on Domains and Webhosting
Marie Claire Ponsaran
 
7 understanding DNS
Hameda Hurmat
 
Deploying and configuring dns service
latoniasmith
 
Common Network Services
ŐŔaṉģ Zaib
 
Domain Name System (DNS)
Venkatesh Jambulingam
 
Session 4.1 Roy Arends
Commonwealth Telecommunications Organisation
 
06 coms 525 tcpip - dhcp and dns
Palanivel Kuppusamy
 
DNS : The internet’s directory service
BalaSuresh AsaiThambi
 
Building Linux IPv6 DNS Server (Complete Presentation)
Hari
 
Screen Shots of Building Linux IPv6 DNS Server
Hari
 
Domain name system (dns) , TELNET ,FTP, TFTP
saurav kumar
 
15 Setup BIND 9
Hameda Hurmat
 
NFS(Network File System)
udamale
 
Ad

Viewers also liked (20)

PPT
Ession 5 Tp 5
githe26200
 
PPT
Session 11 Tp 11
githe26200
 
PPT
Session 2 Tp 2
githe26200
 
PPT
Session 9 Tp 9
githe26200
 
PPT
Session 3 Tp 3
githe26200
 
PPT
Ession 5 Tp 5
githe26200
 
PPT
Session 12 Tp 12
githe26200
 
PPT
Session 1 Tp 1
githe26200
 
PDF
Network Diagram
Jake Wactor
 
PDF
Dns wildcards demystified
Men and Mice
 
PDF
Scripting and automation with the Men & Mice Suite
Men and Mice
 
PPTX
Address Scopes OpenStack Summit 2016
carlbaldwin
 
PPTX
Subnet Pools and Pluggable IPAM
carlbaldwin
 
PDF
DNS, DHCP & IPAM with IPv6
Andreas Taudte
 
PPTX
DHCP & DNS
NetProtocol Xpert
 
PDF
IETF 90 Report – DNS, DHCP, IPv6 and DANE
Men and Mice
 
PDF
Nuestar UltraDDI
danielgeorge6
 
PPS
Pmw2 k3ni 1-1b
hariclant1
 
PPS
Pmw2 k3ni 1-2a
hariclant1
 
PDF
PGCA_Agenda 2017
Rita Jeswant
 
Ession 5 Tp 5
githe26200
 
Session 11 Tp 11
githe26200
 
Session 2 Tp 2
githe26200
 
Session 9 Tp 9
githe26200
 
Session 3 Tp 3
githe26200
 
Ession 5 Tp 5
githe26200
 
Session 12 Tp 12
githe26200
 
Session 1 Tp 1
githe26200
 
Network Diagram
Jake Wactor
 
Dns wildcards demystified
Men and Mice
 
Scripting and automation with the Men & Mice Suite
Men and Mice
 
Address Scopes OpenStack Summit 2016
carlbaldwin
 
Subnet Pools and Pluggable IPAM
carlbaldwin
 
DNS, DHCP & IPAM with IPv6
Andreas Taudte
 
DHCP & DNS
NetProtocol Xpert
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
Men and Mice
 
Nuestar UltraDDI
danielgeorge6
 
Pmw2 k3ni 1-1b
hariclant1
 
Pmw2 k3ni 1-2a
hariclant1
 
PGCA_Agenda 2017
Rita Jeswant
 
Ad

Similar to Session 4 Tp 4 (20)

PPTX
DNS & SITES-SERVICES OF Active Directory.pptx
Dorcask3
 
PDF
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
velimamedov
 
PPT
vpn-radius-5.ppt
ssuser472c4f
 
PDF
Zone in windows server 2012
devil00dante
 
PPTX
07 Implementing DNS Cyber security Baze University .pptx
HassanAhmadAbubakar1
 
PDF
02 configuring and-troubleshooting-dns
apshirame
 
DOCX
Linux basics andng hosti
Patruni Chidananda Sastry
 
PPT
6425 b 10
FMAB2010
 
PPT
Dns
tmavroidis
 
PPTX
Microsoft Offical Course 20410C_07
gameaxt
 
PPTX
Dns2
Himani Singh
 
PPT
Dns Configuration
Lohit Ahuja
 
DOCX
Dns interview
siddu balaganur
 
PPT
Configuring Dns
Lohit Ahuja
 
PPTX
6421 b Module-03
Bibekananada Jena
 
DOC
Dns server
Muuluu
 
PPT
Domain Name Server
vipulvaid
 
PPT
Domain Name Service
webhostingguy
 
PPT
Introduction
hajafaarukh
 
PPTX
DNS - MCSE 2019
Milad Es'Haghi
 
DNS & SITES-SERVICES OF Active Directory.pptx
Dorcask3
 
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
velimamedov
 
vpn-radius-5.ppt
ssuser472c4f
 
Zone in windows server 2012
devil00dante
 
07 Implementing DNS Cyber security Baze University .pptx
HassanAhmadAbubakar1
 
02 configuring and-troubleshooting-dns
apshirame
 
Linux basics andng hosti
Patruni Chidananda Sastry
 
6425 b 10
FMAB2010
 
Dns
tmavroidis
 
Microsoft Offical Course 20410C_07
gameaxt
 
Dns2
Himani Singh
 
Dns Configuration
Lohit Ahuja
 
Dns interview
siddu balaganur
 
Configuring Dns
Lohit Ahuja
 
6421 b Module-03
Bibekananada Jena
 
Dns server
Muuluu
 
Domain Name Server
vipulvaid
 
Domain Name Service
webhostingguy
 
Introduction
hajafaarukh
 
DNS - MCSE 2019
Milad Es'Haghi
 

Recently uploaded (20)

PPTX
The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptx
sujalchauhan1305
 
PPTX
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
PDF
BLW VOCATIONAL TRAINING SUMMER INTERNSHIP REPORT
codernjn73
 
PDF
Economic Impact of Data Centres to the Malaysian Economy
flintglobalapac
 
PDF
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
PDF
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
 
PPTX
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
PDF
How-Cloud-Computing-Impacts-Businesses-in-2025-and-Beyond.pdf
Artjoker Software Development Company
 
PDF
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
PPTX
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
PDF
The Future of Mobile Is Context-Aware—Are You Ready?
iProgrammer Solutions Private Limited
 
PPTX
IT Runs Better with ThousandEyes AI-driven Assurance
ThousandEyes
 
PDF
Software Development Methodologies in 2025
KodekX
 
PPTX
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
PDF
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
PDF
Doc9.....................................
SofiaCollazos
 
PDF
Cloud-Migration-Best-Practices-A-Practical-Guide-to-AWS-Azure-and-Google-Clou...
Artjoker Software Development Company
 
PDF
Automating ArcGIS Content Discovery with FME: A Real World Use Case
Safe Software
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptx
sujalchauhan1305
 
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
BLW VOCATIONAL TRAINING SUMMER INTERNSHIP REPORT
codernjn73
 
Economic Impact of Data Centres to the Malaysian Economy
flintglobalapac
 
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
 
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
How-Cloud-Computing-Impacts-Businesses-in-2025-and-Beyond.pdf
Artjoker Software Development Company
 
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
The Future of Mobile Is Context-Aware—Are You Ready?
iProgrammer Solutions Private Limited
 
IT Runs Better with ThousandEyes AI-driven Assurance
ThousandEyes
 
Software Development Methodologies in 2025
KodekX
 
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
Doc9.....................................
SofiaCollazos
 
Cloud-Migration-Best-Practices-A-Practical-Guide-to-AWS-Azure-and-Google-Clou...
Artjoker Software Development Company
 
Automating ArcGIS Content Discovery with FME: A Real World Use Case
Safe Software
 
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 

Session 4 Tp 4

  • 1. Session 4 DNS Network Design
  • 2. Dynamic host configuration protocol (DHCP) automates the allocation of IP addresses, the subnet mask, the default gateway and the WINS server. The DHCP servers supply IP addresses to requesting DHCP clients The DHCP process takes place in four phases, namely: IP lease request IP lease offer IP lease selection IP lease acknowledgement DHCP service can be designed for: LAN Routed Networks Non-Microsoft clients Review
  • 3. DHCP can be secured by stopping rogue servers and using firewalls One DHCP server can support thousands of DHCP clients in a local area network DHCP client uses the dynamic host communication protocol to communicate with the DHCP relay agent DHCP relay agent sends unicast packets to the DHCP server Review Contd…
  • 4. Objectives Explain DNS and its features Identify the requirements for a DNS design Identify methods to secure the DNS Network Identify methods to increase DNS performance and availability
  • 5. Domain Name System Used for conversion of Web addresses to IP addresses and IP addresses to Web addresses TCP/IP is the protocol mainly used for communication over the Internet Data is passed between computers in the form of datagrams The process of conversion of web addresses to IP addresses is called as name resolution Reverse name resolution is the process of conversion of IP addresses to web addresses
  • 6. Domain Name System Contd… The two types of requests that DNS servers accept are: Iterative Queries Recursive Queries The naming scheme in DNS is a hierarchical structure called as the DNS namespace The DNS namespace consists of a root domain with several sub-domains under it DNS can be integrated with the following services: DHCP WINS Active Directory
  • 7. DNS Network Design - Zones Refers to a portion of the DNS namespace that is contiguous Formation of zones makes name resolution easier Consists of single or multiple domains that contain sub-domains under them Every zone in the DNS namespace contains a database that contains resource records of the domains in the zone Three types of zones in DNS server are: Primary Zone Secondary Zone Stub Zone
  • 8. Creating Zones We can create zones using the New Zone Wizard Select Action  New Zone to start the New Zone Wizard
  • 9. Resource Records A resource record contains the names and IP addresses of the computer name in a zone Resource records can be created in a zone To create a resource record, select New Host (A) from the Action menu in the DNS console
  • 10. Domains Second-level domains have to be registered Naming conventions for domains are: Use short and easy names Keep the number of levels to five or less Avoid usage of shortened names that are not readable Advantages of multiple DNS servers on a network are: Division of load amongst various DNS servers Improvement of performance Reduction of the risk of failure Reduction of traffic arising out of unmanageable load on a single DNS server
  • 11. Types of DNS Servers Two types of DNS servers are: Forwarders – Receives name resolution requests from other DNS servers Caching-Only servers – Contains only cached requests and do not contain zones
  • 12. Active Directory Integrated zones Provide read/write multi master copies of the zones Secure the dynamically updated DNS zones automatically Considered as traditional DNS servers by BIND DNS servers Traditional zones contain a single primary zone
  • 13. Server Location DNS server location is based on the type of DNS zone used The types of zones are: Active Directory integrated Primary Secondary Delegated domain
  • 14. Security Threats to a DNS Server Flooding the DNS with an unmanageable amount of requests Forwarding DNS requests from a DNS server to another DNS server that is under the control of an attacker Intercepting DNS traffic on the network to gain IP addresses which are then used to gain access to protected information DNS Server Requests DNS Server -I DNS Server -II Attacker Sending request Attacker Diverted
  • 15. Secure Dynamic Updates Receives the IP address of DNS clients when the DNS server starts up
  • 16. Limiting Interface Reduces the number of network interfaces from which a DNS server can receive requests
  • 17. Securing Zone Transfer Limits the numbers of servers that can take part in a zone transfers
  • 18. Protecting a DNS Server Prevents attackers from filling incorrect or unrelated information in a DNS server cache
  • 19. DNS Network Performance The performance of a DNS server is evaluated in terms of its response time To improve DNS performance: Use upgraded hardware Reducing query resolution time by using multiple DNS servers Reducing network congestion caused by replication.
  • 20. Summary DNS servers convert Web addresses to IP addresses and IP addresses to Web addresses Name resolution is the process of conversion of web addresses to IP addresses Reverse name resolution is the process of conversion of IP addresses to IP addresses DNS servers accept iterative and recursive queries A zone is a contiguous part of the DNS namespace Consists of single or multiple domains that contain sub-domains under them
  • 21. Summary Contd… Resource records are part of zonal databases that contain web addresses and their equivalent IP address Multiple DNS servers are useful for d ivision of load amongst various DNS servers Two types of DNS servers are: Forwarders Caching-Only servers Active directory integrated zones secure the dynamically updated DNS zones automatically
  • 22. Summary Contd… Security threats to a DNS server include: Flooding the DNS with requests Forwarding DNS requests to a DNS server under the control of an attacker Intercepting DNS traffic Secure dynamic updates r eceive the IP address of DNS clients when the DNS server starts up Limiting interface r educes the number of network interfaces from which a DNS server can receive requests Securing zone transfer limits the numbers of servers that can take part in a zone transfers The performance of a DNS server is evaluated in terms of its response time