kaplan school of information systems and technology

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY
Unit 4 Seminar
IT375 Window Enterprise Administration

Course Name – IT375-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds, Email: [email protected], Phone: 641-649-2980
Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET

Upload: harding-vinson

Post on 04-Jan-2016



Page 2: Kaplan School of Information Systems and Technology

UNIT 3 REVIEW

Chapter 4 - DHCP
Installing and Configuring Dynamic Host Configuration Protocol

• Discuss the basics of Dynamic Host Configuration Protocol (DHCP)
• Describe the components and processes of DHCP
• Install DHCP in a Windows Server 2008 environment
• Configure the DHCP server
• Administer DHCP on clients and servers
• Troubleshoot DHCP

Page 3: Kaplan School of Information Systems and Technology

UNIT 3 REVIEW

Quick Check of Concepts
Type the answers to these questions:

1. Number one reason to use DHCP? Second reason?

2. Why do you need to authorize a DHCP server in Windows Server 2008? What is a rogue server?

3. Two reasons to provide more than one DHCP server.

4. A bonus question – what is a good rule for creating scopes?

Page 4: Kaplan School of Information Systems and Technology

UNIT 4

Read Chapter 5 - Web-Based Labs

Chapter 4 Web-Based Labs

You can use ScreenHunter 5.0, free screen capture software, to show your work. It reduces the size of the Word file.

Issues with the Labs?

Page 5: Kaplan School of Information Systems and Technology

UNIT 4

Introduction to DNS in Windows Server 2008

Chapter 5 – Objectives

• Discuss the basics of the Domain Name System (DNS) and its terminology
• Configure DNS clients
• Install standard DNS server on Windows Server 2008
• Create standard DNS zones

Page 6: Kaplan School of Information Systems and Technology

UNIT 4

Domain Name System - DNS
The primary function is to translate human-readable host names into IP addresses.

Assists the flow of e-mail - mail exchanger records tell a Simple Mail Transfer Protocol (SMTP) server where to send an e-mail message

Thousands of distributed servers (DNS servers) on the Internet

Terminology:
• DNS namespace
• DNS domain
• Fully qualified domain name
• Hosts
• Host name
• DNS record
• DNS zone

Page 7: Kaplan School of Information Systems and Technology

UNIT 4

DNS namespace - Organized into the following domains: root domain (.), top-level domain (TLD), second-level domain, and subdomain

DNS domain - The portion of the namespace to the right of the host name

Fully qualified domain names - The entire name for a specific host that needs to have a DNS record created

Page 8: Kaplan School of Information Systems and Technology

UNIT 4

Host - A computer on the Internet that provides a specific resource

Host name - Name given to a computer, or host, to make connecting to it easier

DNS zone - Collection of connected nodes served by an authoritative DNS name server

DNS records - DNS uses records to provide the information it stores in its database

Page 9: Kaplan School of Information Systems and Technology

UNIT 4

DNS Queries

Iterative query - A DNS client requests the best answer that its DNS server can provide

Recursive queries - Queries where the client requires an answer from its DNS server

DNS clients – called DNS resolvers
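
On the wire, the two query kinds above differ in a single header bit, Recursion Desired (RD), and a server that answers without recursing returns a referral rather than a final answer. The Python sketch below is an added example, not part of the original slides; the function names, the two sample headers and www.example.com are constructed for illustration and follow the RFC 1035 message header.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28}

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels plus the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:               # label length limit from RFC 1035
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype="A", recursive=True, msg_id=0x1234):
    """Build a one-question query; only the RD bit differs between the two kinds."""
    flags = 0x0100 if recursive else 0x0000      # RD (recursion desired)
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def classify_response(msg):
    """Label a response header as 'answer', 'referral', 'no data' or 'error N'."""
    _, flags, _, ancount, nscount, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                       # QR must be set in a response
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode:
        return f"error {rcode}"
    if ancount:
        return "answer"
    authoritative = bool(flags & 0x0400)         # AA bit
    return "referral" if nscount and not authoritative else "no data"

# Constructed response headers (record sections omitted for brevity):
REFERRAL = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 2)   # NS records only
ANSWER = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)     # one answer record

if __name__ == "__main__":
    for kind in (True, False):
        query = build_query("www.example.com", recursive=kind)
        print("recursive" if kind else "iterative", query.hex())
    print(classify_response(REFERRAL), classify_response(ANSWER))
```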

Page 10: Kaplan School of Information Systems and Technology

UNIT 4

Field Trips

What is a root server? http://root-servers.org/

Map: http://www.root-servers.org/map/ (pins show location)
http://root-servers.org/presentations/rootops-gac-rio.pdf

DNS is used before any actual Internet transaction (like web page transfer).
• The root servers are only used as the entry point to the system.
• "Caching" makes clients remember answers and avoid contacting the root servers whenever possible.

Hence the number of lookups is comparatively small.
Not 13 machines, but 13 installations providing service! (Number increasing with anycast.)
ftp://ftp.internic.net/domain/named.root

A through M. Ex: http://k.root-servers.org/

Page 11: Kaplan School of Information Systems and Technology

UNIT 4

Field Trips

1. http://www.internic.net/whois.html
Who Is? www.kaplan.edu What is .com versus .edu? Name servers?

2. http://dnscheckit.com/ kaplan.com 3com.com

3. http://lookupserver.com/
Enter 207.12.8.3 in the IPCity – Geolocation. Where? Latitude? Longitude?

4. http://www.mxtoolbox.com/DNSLookup.aspx
• What is a blacklist?
• http://www.dnsstuff.com/

Page 12: Kaplan School of Information Systems and Technology

UNIT 4

DNS Client Settings

DNS servers - For a client to resolve DNS queries, it needs to know which server to contact. The first DNS server in the list is called the preferred DNS server

DNS suffix - DNS domain appended to all unqualified name queries, or a query that contains only a host name

Page 13: Kaplan School of Information Systems and Technology

UNIT 4

DNS Client Settings

Windows 7
Client settings using DHCP

Advanced button
Advanced TCP/IP Settings

Page 14: Kaplan School of Information Systems and Technology

UNIT 4

DNS Updates

Windows Server 2008 supports dynamic updates with both standard and Active Directory Domain Services

DDNS - Dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server. Reduces manual administration of zone records for clients that frequently move or change locations - uses DHCP.

Request for Comments (RFC) 2136, "Dynamic Updates in the Domain Name System." The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server. By default, the DNS Client service will dynamically update host (A) resource records (RRs) in DNS when configured for TCP/IP. For more information about RFCs, see DNS RFCs.

Page 15: Kaplan School of Information Systems and Technology

UNIT 4

Installing DNS

DNS - A role that can be installed on Windows Server 2008 Full and Server Core versions. Often combined with other services such as DHCP

Installing Cache-only DNS server - This server has the DNS role installed; however, it does not hold a DNS zone, so it is not authoritative for any DNS zones. Does not maintain DNS records

Root hints - Provide IP address pointers to top-level DNS servers
• A DNS server can perform queries when it receives domain name requests for zones in which it is not authoritative
• Provides referral answers to queries to resolve an unknown domain name request

Forwarders - servers used to resolve names

Page 16: Kaplan School of Information Systems and Technology

UNIT 4

DNS Zones

Zones - Building blocks for creating your DNS infrastructure

DNS zones - Classified in three ways: the information they store, where they are stored and their read/write status

Fall into two categories: Standard and Active Directory

Standard Zones and Types
zone.dns - Used to store DNS records
Berkeley Internet Name Domain (BIND) - Industry standard of DNS servers on the Internet and networks running DNS on UNIX/Linux systems

Primary DNS zone - The zone that is authoritative for a specific domain and its name records

Secondary DNS zone - Read-only version of the DNS records for a zone

Stub zone - Read-only copy of a zone that obtains its resource records from the name servers that are authoritative for a particular zone

Page 17: Kaplan School of Information Systems and Technology

UNIT 4

DNS Resource Records

Information in a DNS record: Owner, Time-to-Live (TTL), Class, Type, Resource Record Data (RDATA)

Table 5-1 on page 191

• Start of Authority (SOA) - Record is the starting point for information related to a zone
• Name server (NS) record identifies a DNS server that is authoritative
• Host (A) record provides host name–to–IP address resolution for DNS clients
• Host (AAAA) records for IPv6 map a host name to an IPv6 address
• Mail exchanger (MX) record - Specifies the server that is responsible for handling e-mail
• Alias records - Used to create an alias for a specific host
• Pointer records - Resolve IP addresses to host names for DNS clients
• Service locator records – Provides location of services it needs, network protocol needed to access the previously mentioned services, and domain services it provides
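
The five fields listed above (Owner, TTL, Class, Type, RDATA) can be read straight out of a DNS response. This added Python example, which is not from the original slides, decodes them from a constructed response for example.com, handling name compression and rejecting compression-pointer loops; the function names and sample bytes are assumptions made for illustration.

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA", 33: "SRV"}

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # two-byte compression pointer
            hops += 1
            if hops > 16:                  # a pointer loop would never terminate
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:                  # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def parse_records(msg):
    """Return (owner, ttl, class, type, rdata) for every record after the question."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):                    # skip each question: name + type + class
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        text = rdata.hex()                 # default: show other RDATA as hex
        if rtype == 1:                     # A: four address bytes
            text = ".".join(str(b) for b in rdata)
        elif rtype == 15:                  # MX: preference + exchanger name
            text = f"{struct.unpack('!H', rdata[:2])[0]} {read_name(msg, off + 12)[0]}"
        records.append((owner, ttl, "IN" if rclass == 1 else rclass, TYPES.get(rtype, rtype), text))
        off += 10 + rdlen
    return records

# Constructed response: MX answer for example.com plus the exchanger's A record.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)
          + b"\x07example\x03com\x00" + struct.pack("!HH", 15, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 3600, 9) + b"\x00\x0a\x04mail\xc0\x0c"
          + b"\xc0\x2b" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 25]))

if __name__ == "__main__":
    print(*parse_records(SAMPLE), sep="\n")
```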

Page 18: Kaplan School of Information Systems and Technology

UNIT 4

Standard DNS Zone Transfers

Master server - Provides updated DNS records to secondary servers

Slave server - Gets its updates from the master zone transfer partner specified on the Zone Transfer tab in DNS

Zone transfers from the master to the secondary server come in two varieties: Incremental zone transfers (IXFRs) and Full zone transfers (AXFRs)

Page 19: Kaplan School of Information Systems and Technology

UNIT 4

Nslookup Utility

TCP/IP Utility for DNS - Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. It is installed with the TCP/IP protocol.

Nslookup.exe can run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:

    nslookup [-option] [hostname] [server]

To start Nslookup.exe in interactive mode, simply type "nslookup" at the command prompt:

    C:\> nslookup
    Default Server: nameserver1.domain.com
    Address: 10.0.0.1
    >

Typing "help" or "?" at the command prompt will generate a list of available commands. Type "exit" to leave nslookup.
http://support.microsoft.com/kb/200525

Page 20: Kaplan School of Information Systems and Technology

UNIT 4

Unit 4 Assignment
REVIEW the Rubrics for UNIT 4

Part I and Part II

Part I- (20 points) Complete the 12 Chapter 5 Web-Based Labs

Page 21: Kaplan School of Information Systems and Technology

UNIT 4

Unit 4 Assignment
Part II - (20 points) Using tools you learned about in this chapter and other tools available, research the sun.com, whois.net, and icann.org domains.

Your goal is to find out all of the publicly available information about each domain including domain registration information, DNS records, and IP addresses. At a minimum, you will submit the following for each domain:

• Domain admin email address
• Domain expiration date
• All name servers for the domain
• All available A records
• All available MX records