kaplan school of information systems and technology
DESCRIPTION
Kaplan School of Information Systems and Technology. Unit 4 Seminar IT375 Window Enterprise Administration. Course Name – IT375-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds - PowerPoint PPT PresentationTRANSCRIPT
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY
Unit 4 SeminarUnit 4 SeminarIT375 Window IT375 Window
Enterprise Enterprise AdministrationAdministration
Course Name – IT375-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email: [email protected] Phone: 641-649-2980
Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
UNIT 3 REVIEW
Chapter 4 - DHCPInstalling and Configuring Dynamic Host Configuration Protocol
Discuss the basics of Dynamic Host Configuration Protocol (DHCP)Describe the components and processes of DHCPInstall DHCP in a Windows Server 2008 environmentConfigure the DHCP serverAdminister DHCP on clients and serversTroubleshoot DHCP
UNIT 3 REVIEW
Quick Check of ConceptsType the answers to these questions:
1. Number one reason to use DHCP? Second reason?
2. Why do you need to authorize a DHCP server in Windows Server 2008? What is a rogue server?
3. Two reasons to provide more than one DHCP server.
4. A bonus question – what is a good rule for creating scopes?
UNIT 4
Read Chapter 5 - Web-Based Labs
Chapter 4 Web-Based Labs
You can use ScreenHunter 5.0 free screen capture software to show your work. Reduces the size of the Word file.
Issues with the Labs?
UNIT 4
Introduction to DNS in Windows Server 2008
Chapter 5 – Objectives
Discuss the basics of the Domain Name System
(DNS) and its terminology
Configure DNS clients
Install standard DNS server on Windows Server 2008
Create standard DNS zones
UNIT 4
Domain Name System - DNSThe primary function is to translate human-readable host names.
Assists the flow of e-mail - mail exchanger records tell a Simple Mail Transfer Protocol (SMTP) server where to send an e-mail message
Thousands of distributed servers (DNS servers) on the Internet
Terminology:DNS namespaceDNS domainFully qualified domain nameHostsHost nameDNS recordDNS zone
UNIT 4
DNS namespaceDNS namespaceOrganized into the following domains: root domain (.), top-level domain (TLD), second-level domain, and subdomain
DNS domainThe portion of the namespace to the right of the host nameFully qualified domain namesThe entire name for a specific host that needs to have a DNS record created
UNIT 4
Host - A computer on the Internet that provides a specific resourceHost name - Name given to a computer, or host, to make connecting to it easier
DNS zone Collection of connected nodes served by an authoritative DNS name server
DNS recordsDNS uses records to provide the information it stores in its database
DNS zone
UNIT 4
DNS QueriesIterative query
A DNS client requests the best answer that its DNS server can provide
Recursive queriesQueries where the client requires an answer from its DNS server
DNS clients – called DNS resolvers
UNIT 4
Field TripsWhat is a root server?http://root-servers.org/
Map: http://www.root-servers.org/map/ pins show locationhttp://root-servers.org/presentations/rootops-gac-rio.pdf
DNS is used before any actual Internet transaction (like web page transfer).• The root servers are only used as the entry point to the system.• "Caching" makes clients remember answers and avoid
contacting the root servers whenever possible.
Hence the number of lookups is comparatively small.Not 13 machines, but 13 installations providing service! (Number
increasing with anycast.) ftp://ftp.internic.net/domain/named.root
A through M Ex: http://k.root-servers.org/
UNIT 4
Field Trips1. http://www.internic.net/whois.html
Who Is? www.kaplan.edu What is .com versus .edu? Name servers?
2. http://dnscheckit.com/ kaplan.com 3com.com
3. http://lookupserver.com/Enter 207.12.8.3 in the IPCity – Geolocation. Where?
Latitude? Longitude?
4. http://www.mxtoolbox.com/DNSLookup.aspx• What is a blacklist?
• http://www.dnsstuff.com/
UNIT 4
DNS Client Settings
DNS servers - For a client to resolve DNS queries, it needs to know which server to contact. The first DNS server in the list is called the preferred DNS server
DNS suffix - DNS domain appended to all unqualified name queries, or a query that contains only a host name
UNIT 4
DNS Client Settings
Windows 7Client settings using DHCP
Advanced buttonAdvanced TCP/IP Settings
UNIT 4
DNS UpdatesWindows Server 2008 supports dynamic updates with both standard and Active Directory Domain ServicesDDNS - Dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server. Reduces manual administration of zone records for clients that frequently move or change locations - uses DHCP.
Request for Comments (RFC) 2136, "Dynamic Updates in the Domain Name System." The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server. By default, the DNS Client service will dynamically update host (A) resource records (RRs) in DNS when configured for TCP/IP. For more information about RFCs, see DNS RFCs.
UNIT 4
Installing DNSDNS - A role that can be installed on Windows Server 2008 Full and Server Core versions. Often combined with other services such as DHCP
Installing Cache-only DNS server This server has the DNS role installed, however it does not hold a DNS zone so it is not authoritative for any DNS zones. Does not maintain DNS records
Root hints - Provide IP address pointers to top-level DNS servers A DNS server can perform queries when it receives domain name requests for zones in which it is not authoritativeProvides referral answers to queries to resolve an unknown domain name request
Forwarders - servers used to resolve names
UNIT 4
DNS ZonesZones - Building blocks for creating your DNS infrastructureDNS zones - Classified in three ways: the information they store, where they are stored and their read/write status
Fall into two categories: Standard and Active Directory
Standard Zones and Types - zone.dns - Used to store DNS records Berkeley Internet Name Domain (BIND) - Industry standard of DNS servers on the Internet and networks running DNS on UNIX/Linux systems
Primary DNS zoneThe zone that is authoritative for a specific domain and its name records
Secondary DNS zoneRead-only version of the DNS records for a zone
Stub zoneRead-only copy of a zone that obtains its resource records from the name servers that are authoritative for a particular zone
UNIT 4
DNS Resource RecordsInformation in a DNS record: Owner, Time-to-Live (TTL), Class, Type
Resource Record Data (RDATA)
Start of Authority (SOA) - Record is the starting point for information related to a zone Table 5-1 on page 191
Name server (NS) record identifies a DNS server that is authoritativeHost (A) record provides host name–to–IP address resolution for DNS clientsHost (AAAA) records for IPv6 maps a host name to an IPv6 addressMail exchanger (MX) record - Specifies the server that is responsible for handling e-mail Alias records - Used to create an alias for a specific hostPointer records - Resolves IP address to host names for DNS clientsService locator records – Provides location of services it needs, network protocol needed to access the previously mentioned services, and domain services it provides
UNIT 4
Standard DNS Zone TransfersMaster server - Provides updated DNS records to secondary serversSlave server - Gets its updates from the master zone transfer partner specified on the Zone Transfer tab in DNS Zone transfers from the master to the secondary server come in two varieties: Incremental zone transfers (IXFRs) and Full zone transfers (AXFRs)
UNIT 4
Nslookup UtilityTCP/IP Utility for DNS - Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. It is installed with the TCP/IP protocol.
Nslookup.exe can run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:
nslookup [-option] [hostname] [server] To start Nslookup.exe in interactive mode, simply type "nslookup" at the command prompt:C:\> nslookup
Default Server: nameserver1.domain.com Address: 10.0.0.1 >
Typing "help" or "?" at the command prompt will generate a list of available commands. Type “exit” to leave nslookup. http://support.microsoft.com/kb/200525
UNIT 4
Unit 4 AssignmentREVIEW the Rubrics for UNIT 4
Part I and Part II
Part I- (20 points) Complete the 12 Chapter 5 Web-Based Labs
UNIT 4
Unit 4 AssignmentPart II - (20 points) Using tools you learned about in this chapter and other tools available, research the sun.com, whois.net, and icann.org.
Your goal is to find out all of the publicly available information about each domain including domain registration information, DNS records, and IP addresses. At a minimum, you will submit the following for each domain:
Domain admin email address Domain expiration date All name servers for the domain All available A records All available MX records