
DNS and DHCP Transcription

Welcome to our IP networking module on DHCP, DNS and ICMP. Dynamic Host Configuration Protocol, or DHCP, is a commonly used client-server protocol that utilizes UDP. When clients join a new network, they can broadcast a request for configuration information. A DHCP server will then send out unique IP addresses and this automates the configuration for IP address information on your hosts.

IP addresses are leased out from a range which is referred to as a scope. All of the hosts that successfully joined using DHCP will be automatically configured with a location of important resources such as the default gateway. DORA is the sequence of actions that occurs when a system joins a network and requests and receives information via DHCP.

The DHCP leasing process is described by DORA. The first step is Discover, where the client connects to a network and broadcasts a DHCP discover message. The server then responds with a DHCP offer message offering the client an IP address. The client chooses the DHCP offer it receives, and then sends a DHCP request message, accepting the proper information from that server.

The server then sends a DHCP acknowledgement message to the client letting the client know that it has successfully been assigned that IP address. The DHCP server issues the IP address for a certain amount of time known as a lease. When 50% of the lease time expires, the client will contact the original server and request to renew its lease for the same IP address.

If there is no response, the client will try again at 87.5% of its lease time remaining. You should be aware that rogue DHCP servers are a major threat because an attacker can redirect your users to rogue networks and default gateways. And you should be familiar with this for the CISSP examination.

With today's enterprise environments, it is no longer acceptable to have only one DHCP or DNS server, because you will not have high availability if one of the servers goes offline. It is common to use a split or shared DHCP scope, which allows you to have redundancy. DHCP forwarding with a DHCP relay agent is an option that allows you to place a DHCP server outside your subnet, letting a router forward broadcast traffic.

Split DNS is a best practice which allows you to have two DNS servers, one internal for locating your internal domain resources and one external DNS server to connect to Internet resources. You should remember for the CISSP examination that split DNS is best practice and involves two servers, one internal and one external.

DNS stands for Domain Name Service, and this allows us to translate human-readable host names, like msn.com, into the IP addresses that are used to transmit traffic to and from sites on the Internet. Host names are divided into areas called zones, and the DNS server that holds resource records for a particular zone is known as the authoritative DNS server for that zone.

You will most likely have two DNS servers in your environment, one in your local area network to resolve private resources, and a public DNS server used on your wide area network, typically through your Internet service provider, to allow your employees to connect to resources on the Internet. It is important to make sure that you secure your DNS servers.

Previously, we discussed split DNS, which is where you have two DNS servers, one for your internal traffic and one for your external traffic. This allows name resolution for your internal network hosts to be separated from name resolution for public addresses. You should also enable DNSSEC for security and authentication, which uses digital signatures to ensure that you are communicating with the proper DNS server.

You should remember for the CISSP examination that DNSSEC is a way to secure domain name service. You should also limit your DNS interface access. If DNS is multihomed, you should indicate in the properties of the server the interface to listen for name requests. You should also block zone transfers which use TCP port 53, and you should use digitally signed secure dynamic updates to ensure that no one tampers with your DNS servers.

ICMP, or Internet Control Message Protocol, is not TCP or UDP; it is its own protocol. You should remember that for the CISSP examination. ICMP is a simple message protocol which supports Internet Protocol, but it can be misused by attackers to create many different types of hazards on your network, including data exfiltration.

It allows you to check status and also provides error messages in case there is network congestion, a sending failure, or a downed link. You may be familiar with the PING utility, which uses this protocol to check to see if a system is online using an ICMP echo request and reply message.

Routers will put ICMP messages into IP datagrams to indicate that a message could not be delivered, or that some other problem occurred. Simple Network Management Protocol, or SNMP, is another technology that is commonly used to manage networks. The previous versions of this technology did have some security issues, but version three is considered to be secure.

This concludes our IP networking module. Thank you for watching.
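The DORA exchange and the rogue DHCP server threat described in the transcript can be monitored for on the defender's side. The following is an added example, not part of the original transcript: it parses DHCP payloads and flags any OFFER or ACK whose server identifier (option 54) is not on an allowlist. The function names, the addresses, and the allowlist containing `10.0.0.2` are assumptions made for illustration, and the sample messages are constructed.

```python
import socket
import struct
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_dhcp(msg_type, xid, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal BOOTP/DHCP payload (constructed sample data)."""
    op = 2 if msg_type in (2, 5) else 1  # 1 = client request, 2 = server reply
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000) + bytes(4)  # header, ciaddr
    fixed += socket.inet_aton(yiaddr) + bytes(8 + 208)  # yiaddr, then zeroed remaining fields
    opts = bytes([53, 1, msg_type])  # option 53 = DHCP message type
    opts += bytes([54, 4]) + socket.inet_aton(server_id) if server_id else b""  # option 54
    return fixed + MAGIC_COOKIE + opts + b"\xff"

def parse_dhcp(payload):
    """Return (message type, transaction id, offered address, server identifier)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    msg_type, server_id, i = None, None, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            msg_type = value[0]
        elif code == 54 and len(value) == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, xid, socket.inet_ntoa(payload[16:20]), server_id

def find_rogue_servers(payloads, authorized):
    """Flag OFFER/ACK messages whose server identifier is not an authorized server."""
    alerts = []
    for payload in payloads:
        msg_type, xid, yiaddr, server_id = parse_dhcp(payload)
        if msg_type in (2, 5) and server_id not in authorized:
            alerts.append((MSG_TYPES[msg_type], hex(xid), server_id, yiaddr))
    return alerts

XID = 0x1234ABCD  # constructed transaction id
CAPTURE = [  # constructed DORA exchange plus one offer from an unlisted server
    build_dhcp(1, XID), build_dhcp(2, XID, "10.0.0.50", "10.0.0.2"),
    build_dhcp(2, XID, "192.168.66.10", "10.0.0.66"),
    build_dhcp(3, XID, server_id="10.0.0.2"), build_dhcp(5, XID, "10.0.0.50", "10.0.0.2"),
]
print(find_rogue_servers(CAPTURE, {"10.0.0.2"}))
```

On managed switches, DHCP snooping enforces the same idea in the data path by dropping server replies that arrive on untrusted ports.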
