Session 4 Tp 4
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 1 of 22
Session 4
DNS Network Design
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 2 of 22
Review
Dynamic Host Configuration Protocol (DHCP) automates the allocation of IP addresses, the subnet mask, the default gateway and the WINS server.
The DHCP servers supply IP addresses to requesting DHCP clients.
The DHCP process takes place in four phases, namely: IP lease request, IP lease offer, IP lease selection and IP lease acknowledgement.
DHCP service can be designed for: LAN, routed networks and non-Microsoft clients.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 3 of 22
Review Contd…
DHCP can be secured by stopping rogue servers and using firewalls.
One DHCP server can support thousands of DHCP clients in a local area network.
DHCP client uses the dynamic host communication protocol to communicate with the DHCP relay agent.
DHCP relay agent sends unicast packets to the DHCP server.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 4 of 22
Objectives
Explain DNS and its features
Identify the requirements for a DNS design
Identify methods to secure the DNS network
Identify methods to increase DNS performance and availability
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 5 of 22
Domain Name System
Used for conversion of Web addresses to IP addresses and IP addresses to Web addresses
TCP/IP is the protocol mainly used for communication over the Internet
Data is passed between computers in the form of datagrams
The process of converting web addresses to IP addresses is called name resolution
Reverse name resolution is the process of converting IP addresses to web addresses
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 6 of 22
Domain Name System Contd…
The two types of requests that DNS servers accept are: iterative queries and recursive queries
The naming scheme in DNS is a hierarchical structure called the DNS namespace
The DNS namespace consists of a root domain with several sub-domains under it
DNS can be integrated with the following services: DHCP, WINS and Active Directory
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 7 of 22
DNS Network Design - Zones
A zone refers to a portion of the DNS namespace that is contiguous
Formation of zones makes name resolution easier
Consists of single or multiple domains that contain sub-domains under them
Every zone in the DNS namespace contains a database that contains resource records of the domains in the zone
Three types of zones in DNS server are: Primary Zone, Secondary Zone and Stub Zone
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 8 of 22
Creating Zones
We can create zones using the New Zone Wizard
Select Action > New Zone to start the New Zone Wizard
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 9 of 22
Resource Records
A resource record contains the names and IP addresses of the computers in a zone
Resource records can be created in a zone
To create a resource record, select New Host (A) from the Action menu in the DNS console
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 10 of 22
Domains
Second-level domains have to be registered
Naming conventions for domains are:
  Use short and easy names
  Keep the number of levels to five or less
  Avoid usage of shortened names that are not readable
Advantages of multiple DNS servers on a network are:
  Division of load amongst various DNS servers
  Improvement of performance
  Reduction of the risk of failure
  Reduction of traffic arising out of unmanageable load on a single DNS server
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 11 of 22
Types of DNS Servers
Two types of DNS servers are:
Forwarders – Receive name resolution requests from other DNS servers
Caching-Only servers – Contain only cached requests and do not contain zones
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 12 of 22
Active Directory Integrated zones
Provide read/write multi-master copies of the zones
Secure the dynamically updated DNS zones automatically
Considered as traditional DNS servers by BIND DNS servers
Traditional zones contain a single primary zone
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 13 of 22
Server Location
DNS server location is based on the type of DNS zone used
The types of zones are: Active Directory integrated, Primary, Secondary and Delegated domain
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 14 of 22
Security Threats to a DNS Server
Flooding the DNS with an unmanageable amount of requests
Forwarding DNS requests from a DNS server to another DNS server that is under the control of an attacker
Intercepting DNS traffic on the network to gain IP addresses which are then used to gain access to protected information
[Figure labels: DNS Server, Requests, Attacker; DNS Server-I, DNS Server-II, Sending request, Diverted, Attacker]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 15 of 22
Secure Dynamic Updates
Receives the IP address of DNS clients when the DNS server starts up
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 16 of 22
Limiting Interface
Reduces the number of network interfaces from which a DNS server can receive requests
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 17 of 22
Securing Zone Transfer
Limits the number of servers that can take part in a zone transfer
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 18 of 22
Protecting a DNS Server
Prevents attackers from filling incorrect or unrelated information in a DNS server cache
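The four hardening measures on slides 15 to 18, expressed as dnscmd commands run on the DNS server. This is an added example, not part of the original slides; the server name DNS01, the zone corp.example.com and the 192.0.2.x addresses are placeholders chosen for illustration.

```batch
@echo off
rem Added example. Placeholder values: server DNS01, zone corp.example.com,
rem listen address 192.0.2.10, secondary servers 192.0.2.20 and 192.0.2.21.
set SERVER=DNS01
set ZONE=corp.example.com
set SECONDARIES=192.0.2.20 192.0.2.21

rem Slide 15 - Secure dynamic updates.
rem AllowUpdate: 0 = no dynamic updates, 1 = nonsecure and secure, 2 = secure only.
rem Secure-only updates need an Active Directory integrated zone (slide 12).
dnscmd %SERVER% /Config %ZONE% /AllowUpdate 2

rem Slide 16 - Limiting interface.
rem Listen for DNS requests only on the internal address instead of every
rem interface. Running the command with no address listens on all of them.
dnscmd %SERVER% /ResetListenAddresses 192.0.2.10

rem Slide 17 - Securing zone transfer.
rem Weak setting:   /NonSecure  (any server may request the whole zone)
rem Hardened:       /SecureList (only the listed secondary servers may)
dnscmd %SERVER% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARIES% /NotifyList %SECONDARIES%

rem Slide 18 - Protecting the server cache.
rem SecureResponses 1 caches only records that belong to the DNS subtree
rem that was queried; 0 caches every record a response carries.
dnscmd %SERVER% /Config /SecureResponses 1

rem Review the resulting server and zone settings.
dnscmd %SERVER% /Info
dnscmd %SERVER% /ZoneInfo %ZONE%
```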
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 19 of 22
DNS Network Performance
The performance of a DNS server is evaluated in terms of its response time
To improve DNS performance:
  Use upgraded hardware
  Reduce query resolution time by using multiple DNS servers
  Reduce network congestion caused by replication
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 20 of 22
Summary
DNS servers convert Web addresses to IP addresses and IP addresses to Web addresses
Name resolution is the process of converting web addresses to IP addresses
Reverse name resolution is the process of converting IP addresses to web addresses
DNS servers accept iterative and recursive queries
A zone is a contiguous part of the DNS namespace
A zone consists of single or multiple domains that contain sub-domains under them
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 21 of 22
Summary Contd…
Resource records are part of zonal databases that contain web addresses and their equivalent IP address
Multiple DNS servers are useful for division of load amongst various DNS servers
Two types of DNS servers are: Forwarders and Caching-Only servers
Active Directory integrated zones secure the dynamically updated DNS zones automatically
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 4 / Slide 22 of 22
Summary Contd…
Security threats to a DNS server include:
  Flooding the DNS with requests
  Forwarding DNS requests to a DNS server under the control of an attacker
  Intercepting DNS traffic
Secure dynamic updates receive the IP address of DNS clients when the DNS server starts up
Limiting interface reduces the number of network interfaces from which a DNS server can receive requests
Securing zone transfer limits the number of servers that can take part in a zone transfer
The performance of a DNS server is evaluated in terms of its response time