mang may tinh nc_slides_2

Upload: sang-nguyen

Post on 04-Jun-2018


TRANSCRIPT

  • 8/13/2019 Mang May Tinh NC_Slides_2

    1/441

    ADVANCED COMPUTER NETWORKS

    Dr. Nguyễn Văn [email protected]

    Academic year 2013-2014

    Faculty of Information Technology, HUTECH
    Department of Computer Networks & Communications

    COURSE CONTENT

    Knowledge:
    Chapter 1: TCP/IP, Name Resolving
    Chapter 2: Domain Name System
    Chapter 3: Routing & Remote Access
    Chapter 4: DHCP & FTP
    Chapter 5: Email Service
    Chapter 6: WEB Service
    Chapter 7: Firewalls
    Chapter 8: MPLS & Border Gateway Protocol

    Skill: network administration

    References

    Required textbooks

    Networking textbooks:
      Computer Networking: A Top-Down Approach Featuring the Internet (5th edition), by Kurose and Ross
      Computer Networking (6th edition), by Kurose and Ross

    Network administration references:
      TCP/IP Illustrated, Volume 1: The Protocols, by Stevens
      Windows Server 2003 Network Infrastructure Implementation, Management, and Maintenance
      CCNP-ISCW, Volume 1 & 2

    Grading and Schedule

    Four assignments (10% each)
      95% 3 hours, 70% 2 days late, 50% > 3 days late
      One free late day during semester
      Must complete all assignments to pass

    Final exams (50% total)
      Midterm exam before spring break (25%)
      Final exam during exam period (25%)

    Class participation (10%)
      In lecture and precept
      In the forums

    Chapter 1: Suite of TCP/IP Protocols

    Lessons

    Lesson 1: OSI Model

    Lesson 2: TCP/IP Protocol Suite

    Lesson 3: Basic Commands

    Lesson 4: Using Network Monitor

    Lesson 1: OSI Model

    What is the OSI Model?

    A framework within which networking standards can be developed.

    Provided vendors with a set of standards that ensured greater compatibility and interoperability between the various types of network technologies.

    Researched and developed by the ISO (International Organization for Standardization).

    1977: established a subcommittee to develop a communications architecture.

    1984: published ISO-7498, the Open System Interconnection (OSI) reference model.

    OSI Reference Model

    In the OSI model:

    Each layer has a defined networking function
    Each layer communicates with the layer above and below it
    Layer seven provides services for programs to gain access to the network
    Layers one and two define the network's physical media and related tasks

    7  Application
    6  Presentation
    5  Session
    4  Transport
    3  Network
    2  Data-Link
    1  Physical

    The physical layer

    Transmission of an unstructured bit stream over a physical link between end systems.

    Electrical, mechanical, specifications
    Physical data rate
    Distances
    Physical connector

    The data-link layer

    Provides for the reliable transfer of data across a physical link.

    Frames
    Physical address
    Network topology
    Synchronization
    Error control
    Flow control

    The network layer

    Provides connectivity and path selection between two host systems that may be located on geographically separated networks.

    Packets
    Virtual circuits
    Route, routing table, routing protocol
    Logical address
    Fragmentation

    The transport layer

    Provides reliable, transparent transfer of data over networks.

    Segments, data stream, datagram
    Connection oriented and connectionless
    End-to-end flow control
    Error detection and recovery
    Segmentation & reassembly

    The session layer

    Establishes, manages, and terminates sessions between two communicating hosts.

    Sessions
    Dialog
    Conversations
    Data exchange

    The presentation layer

    Ensures that the information that the application layer of one system sends out is readable by the application layer of another system.

    Format of data
    Data structure
    Data conversion
    Data compression
    Data encryption

    The application layer

    Is the OSI layer that is closest to the user; it provides network services to the user's applications.

    File transfer
    Electronic mail
    Terminal access
    Word processing
    Intended communication partners

    Encapsulation example: E-mail

    Lesson 2: TCP/IP Protocol Suite

    TCP/IP Protocol Suite

    Originally developed by the Defense Advanced Research Projects Agency (DARPA) to interconnect various defense department computer networks.

    TCP/IP is really a family of protocols referred to as the Internet Protocol Suite

    How the TCP/IP Model Relates to the OSI Model

    OSI                                  TCP/IP        TCP/IP Protocol Suite
    Application, Presentation, Session   Application   HTTP, FTP, SMTP, DNS, RIP, SNMP
    Transport                            Transport     TCP, UDP
    Network                              Internet      IP, ARP, IGMP, ICMP
    Data-Link, Physical                  Link          Ethernet, Frame Relay, Token Ring, ATM

    IP: Internet Protocol

    Provides addressing at the network layer
    Provides fragmentation and reassembly of packets

    TCP: Transmission Control Protocol

    TCP provides guaranteed delivery by establishing a virtual circuit between sender and receiver; this virtual circuit is called a socket

    Internet Protocol (TCP/IP) Properties

    Viewing IP Configuration

    How an IP Packet Moves Through the Suite of TCP/IP Protocols

    The Four Layers of the TCP/IP Protocol Suite:

    Application
    Transport
    Internet
    Link

    Practice: Protocols and Layers of the TCP/IP Model

    In this practice, you will associate the protocols and layers of the TCP/IP model

    7  Application
    6  Presentation
    5  Session
    4  Transport
    3  Network
    2  Data-Link
    1  Physical

    Lesson 3: Basic Commands

    Basic Commands

    Ping: Used to verify reachability of intended destinations using ICMP Echo messages.
    Ipconfig: ipconfig, ipconfig /all, ipconfig /displaydns, ipconfig /displaydns | more
    Route: Used to view and modify the entries in the routing table.
    Tracert: Used to send ICMP Echo messages to discover the path between a node and a destination.
    Pathping: Used to discover the path between a host and destination or to identify high-loss links.

    What is Ping

    You can run Ping from a client computer to test the connection to any host, such as a router or a server:

    The client computer sends an Echo Request to the server
    The server sends an Echo Reply back to the client computer
    You check the details of the Echo Reply to determine the quality of the connection

    Ipconfig /all
    Ipconfig /displaydns

    Route print

    Tracert & Pathping

    Lesson 4: Using Network Monitor

    Microsoft Network Monitor

    Network Monitor:
    Captures a sample of network traffic
    Uses filters to select specific packets
    Decodes the packets in the language of the individual protocols
    Compiles network statistics

    How to install Microsoft Network Monitor

    Microsoft Network Monitor

    How to capture frames

    Examining Captured Network Traffic

    Chapter 1: Resolving Names

    Lessons

    Lesson 1: Name Resolution Process
    Lesson 2: Managing the ARP Cache
    Lesson 3: NETBIOS Name
    Lesson 4: Configuring NetBIOS Name Resolution
    Lesson 5: Configuring Host Name Resolution
    Lesson 6: Static Name Resolution
    Lesson 7: Dynamic Name Resolution

    Lesson 1: Name Resolution Process

    IP names

    IP addresses might be fine for computers, but humans prefer to use names.

    For example:

    http://www.vnn.vn

    rather than

    http://203.162.168.130

    This is accomplished with either Host lookup tables on each machine or a Domain Name Server (DNS)

    Overview

    Explain what a host name is
    Explain what a NetBIOS name is

    [Diagram: DNS Server; Payroll.contoso.msft; Corp01.contoso.msft; addresses 192.168.1.5, 192.168.0.5, 192.168.2.102]

    What are Host Names?

    A host name is the DNS name, of a device on a network, that is used to locate computers on the network

    Examples:

    FQDN: server1.nwtraders.msft. (Host Name + DNS Suffix)
    FQDN: server1.training.nwtraders.msft. (Host Name + DNS Suffix)

    Server1 = 192.168.0.67
    Server1 = 192.168.0.66

    [Diagram: namespace tree with the nodes . Root, msft, nwtraders, training]

    What are Host names?

    A Host name can exist as a single-part name or it can be used with the suffix to create the identifier for a resource on a TCP/IP network

    The suffix is essential to the Host name, because it allows two identical Host names to exist on the network without conflict

    A Host name and Suffix are known together as the Fully Qualified Domain Name (FQDN)

    A fully qualified domain name (FQDN) is a DNS domain name that has been stated unambiguously to indicate with absolute certainty its location in the domain namespace tree

    How Names Are Mapped to IP Addresses

    [Diagram, steps 1 to 3: "Where is the Computer44 file?"; Name Resolution Service; Computer44; 192.168.1.200]

    How to View Host Names on a Client

    View host names and DNS suffixes by using the Ipconfig utility
    View host names by using Hostname utility
    View host names by using System Properties
    Rename a computer

    Lesson 2: Managing the ARP Cache

    Managing the ARP Cache

    Static and Dynamic ARP Cache Entries
    How ARP Resolves IP Addresses to MAC Addresses
    Using the ARP Tool to Manage the ARP Cache

    Address Resolution Protocol (ARP)

    Static and Dynamic ARP Cache Entries

    An ARP cache:
    The cache is a table of recently resolved IP addresses and their corresponding MAC addresses
    TCP/IP checks the ARP cache before sending an ARP request
    To view the cache, type arp -a at the command prompt

    Static cache entries:
      Have no time-out value
      Must be added manually
      Must be updated

    Dynamic cache entries:
      Have a time-out value
      Are removed after the specified time

    How ARP Resolves IP Addresses to MAC Addresses

    1. ARP cache is checked
    2. ARP request is sent
    3. ARP entry is added
    4. ARP reply is sent
    5. ARP entry is added
    6. IP packet is sent

    [Diagram: ComputerA, ComputerB, ComputerC]

    Using the ARP Tool to Manage the ARP Cache

    Lesson 3: NETBIOS Name

    Overview

    The Types of Names Computers Use
    What Is NetBIOS?
    What Is a NetBIOS Name?
    What Is NetBT?
    Types of NetBT Nodes
    What Is Nbtstat?

    The Types of Names Computers Use

    Name            Description

    NetBIOS Names   16-byte address
                    Can represent a single computer or group of computers
                    15 characters used for the name
                    16th character is used by the services that a computer offers to the network

    Host Names      Assigned to a computer's IP address
                    255 characters in length
                    Can contain alphabetic and numeric characters, hyphens, and periods.
                    Can take various forms: Alias, Domain name

    What is NETBIOS

    NetBIOS:
    Is an API
    Operates at the session and transport layers of the OSI protocol stack
    Establishes names, sessions and data transfer

    [Diagram: OSI layers (Application, Presentation, Session, Transport, Network, Data-Link, Physical) beside TCP/IP layers (Application, Transport, Internet, Link), with NetBIOS Applications and the NetBIOS Interface]

    What is a NetBIOS Name

    A NetBIOS name is an identifier used by NetBIOS services running on a computer. It is made up of a 15-character name plus a 16th character (1 byte) denoting the service

    NetBIOS Name   16th character   Services      IP address
    Server2        00               Workstation   192.168.0.39
    Server2        20               Server        192.168.0.39
    Server2        01               Messenger     192.168.0.39

    NETBIOS Name

    16 byte name
    16th character is a 1 byte hexadecimal identifier
    Used for the name of a computer or the name of a service running on the computer

    [Diagram: computers named Payroll and Corp1]

    What is NetBT

    NetBT:
    Runs on top of the TCP/IP network protocol
    Supports discovery, registration and release of NetBIOS names
    Uses broadcast or a NetBIOS name server, depending on node type

    [Diagram: NetBIOS Applications, NetBIOS Interface, NetBT and TCP/IP across the Application, Transport and Internet layers]

    NetBIOS Name Resolution Process

    NetBIOS name resolution is the process of mapping a NetBIOS name to an IP address

    [Diagram, steps 1 to 3: the question "What is the IP address for Salescomputer2?"; the sources NetBIOS Name Cache, WINS, Broadcast, Lmhosts File; the answer 192.168.1.35 for Salescomputer2]

    Types of NetBT Nodes

    NetBT Node Types

    B-node (broadcast)          Uses NetBIOS broadcast name queries
    P-node (peer-to-peer)       Uses NetBIOS Name Server (NBNS or WINS)
    M-node (mixed)              A combination of B-node and P-node. Uses broadcast first by default
    H-node (hybrid)             A combination of B-node and P-node. Uses NBNS first by default
    Microsoft enhanced B-node   Uses the Lmhosts file

    What is Nbtstat

    Use nbtstat to:
    Check the state of current NetBT connections
    Update the Lmhosts cache
    Determine the registered name of a client

    Lesson 4: Configuring NetBIOS Name Resolution

    Overview

    NetBIOS Name Resolution Process
    NetBIOS Name Cache
    How to View and Release the NetBIOS Name Cache
    Broadcasts
    Lmhosts File

    NetBIOS Name Resolution Process

    NetBIOS name resolution is the process of mapping a NetBIOS name to an IP address.

    [Diagram, steps 1 to 3: the question "What is the IP address for Salescomputer2?"; the sources Client Resolver Cache, DNS, Hosts File, NetBIOS Name Cache, WINS, Broadcast, Lmhosts File; the answer 192.168.1.35 for Salescomputer2]

    NetBIOS Name Resolution Process

    The NetBIOS name resolution process is configurable. The default order, in which the client is configured to query a WINS server and to use Lmhosts lookup, is as follows:

    1. NetBIOS cache
    2. WINS server
    3. Send to the local network as a broadcast
    4. Local Lmhosts file

    NetBIOS Name Cache

    A NetBIOS name cache is a location in memory that stores NetBIOS names that have recently been resolved to IP addresses whether through a WINS server, broadcast, or Lmhosts file

    [Diagram: Computer1; resolved host names from the WINS server; resolved host names from broadcasts; Lmhosts File; Broadcast]

    NetBIOS Name Cache

    Purpose of a NetBIOS Name Cache:

    The first place that the NetBIOS redirector searches for an IP address to map a NetBIOS name.
    Resolves IP addresses more quickly than a WINS server, broadcast, or Lmhosts file.
    Does not create network traffic.

    How to View and Release the NetBIOS Name Cache

    View the contents of the local computer's NetBIOS name cache
    Release the NetBIOS name cache and reload the #PRE-tagged entries in the local Lmhosts file
    Display and view the NetBIOS name table of the local computer

    Broadcasts

    Local broadcasts are network messages, sent from a single computer, that are distributed to all other devices on the same segment of the network as the sending computer

    1. The NetBIOS redirector sends out a local broadcast
    2. If the resource is on the local network, the broadcast is answered and an IP address is returned
    3. If the resource is on a remote network, then the broadcast will not pass through the router

    [Diagram: NetBIOS Redirector, Broadcast, Router; broadcast is answered (2); broadcast fails (3)]

    Lmhosts File

    An Lmhosts file is a local text file that maps NetBIOS names to IP addresses for hosts that are not located on the local subnet

    [Diagram: Computer1, Lmhosts File]

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to computernames
    # (NetBIOS) names. Each entry should be kept on an individual line.
    # The IP address should be placed in the first column followed by the
    # corresponding computername. The address and the computername
    # should be separated by at least one space or tab. The "#" character
    # is generally used to denote the start of a comment (see the exceptions
    # below).
    #
    # The following example illustrates all of these extensions:
    #
    # 102.54.94.97     rhino            #PRE #DOM:networking  #net group's DC
    # 102.54.94.102    "appname \0x14"                        #special app server
    # 102.54.94.123    popular          #PRE                  #source server
    # 102.54.94.117    localsrv         #PRE                  #needed for the include
    #
    # #BEGIN_ALTERNATE
    # #INCLUDE \\localsrv\public\lmhosts
    # #INCLUDE \\rhino\public\lmhosts
    # #END_ALTERNATE
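A parser for the Lmhosts format shown above that lists which entries are preloaded with #PRE (and so answer from the NetBIOS name cache, the first place searched), which remote files are pulled in with #INCLUDE, and how a name becomes the 16-byte NetBIOS name from Lesson 3. This is an added example, not part of the original slides; the sample file is constructed and the function and class names are hypothetical.

```python
"""Parse an Lmhosts file and list what it preloads (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample; the first three entries follow the sample file above.
SAMPLE_LMHOSTS = r'''
# Comment lines start with "#", except for the keywords handled below.
102.54.94.97    rhino           #PRE #DOM:networking  #net group's DC
102.54.94.102   "appname  \0x14"                      #special app server
102.54.94.123   popular         #PRE                  #source server
192.168.2.200   london
999.54.94.1     badaddress      #PRE
10.0.0.7        averyveryverylongname
#BEGIN_ALTERNATE
#INCLUDE \\localsrv\public\lmhosts
#INCLUDE \\rhino\public\lmhosts
#END_ALTERNATE
'''

ENTRY_RE = re.compile(r'^(\S+)\s+(?:"([^"]*)"|(\S+))(.*)$')
SUFFIX_RE = re.compile(r'^(.*?)\s*\\0x([0-9A-Fa-f]{2})$')


@dataclass
class LmhostsEntry:
    ip: str
    name: str
    suffix: Optional[int] = None   # 16th byte, when written as \0xNN in quotes
    pre: bool = False              # #PRE: preloaded into the NetBIOS name cache
    domain: Optional[str] = None   # #DOM:<domain>


def netbios_name16(name: str, suffix: int) -> bytes:
    """15-character name, space padded and upper-cased, plus the service byte."""
    if len(name) > 15:
        raise ValueError("NetBIOS names use at most 15 characters")
    return name.upper().ljust(15).encode("ascii") + bytes([suffix])


def parse_lmhosts(text: str) -> Tuple[List[LmhostsEntry], List[str], List[str]]:
    """Return (entries, #INCLUDE paths, problems found) for an Lmhosts file."""
    entries, includes, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#INCLUDE"):
                includes.append(line[len("#INCLUDE"):].strip())
            continue  # comment, #BEGIN_ALTERNATE or #END_ALTERNATE
        m = ENTRY_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not an 'address name' entry")
            continue
        ip, quoted, bare, rest = m.groups()
        name, suffix = (quoted if quoted is not None else bare), None
        sm = SUFFIX_RE.match(name)
        if sm:
            name, suffix = sm.group(1), int(sm.group(2), 16)
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"line {lineno}: invalid IPv4 address {ip}")
            continue
        if len(name) > 15:
            problems.append(f"line {lineno}: name {name!r} is longer than 15 characters")
            continue
        entry = LmhostsEntry(ip, name, suffix)
        for token in rest.split():
            if token == "#PRE":
                entry.pre = True
            elif token.startswith("#DOM:"):
                entry.domain = token[len("#DOM:"):]
            elif token.startswith("#"):
                break  # anything else after "#" is a comment
        entries.append(entry)
    return entries, includes, problems


def preloaded_names(entries: List[LmhostsEntry]) -> List[str]:
    """Names tagged #PRE, which are loaded into the NetBIOS name cache."""
    return [e.name for e in entries if e.pre]


if __name__ == "__main__":
    parsed, included, found = parse_lmhosts(SAMPLE_LMHOSTS)
    print("preloaded:", preloaded_names(parsed))
    print("included from:", included)
    print("problems:", found)
```

Each #INCLUDE path names a file on another machine's share, so the mappings a client ends up with depend on who can write to that share.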

    Lesson 5: Configuring Host Name Resolution

    Overview

    The Host Name Resolution Process
    Client Resolver Cache
    How to View and Flush the Client Resolver Cache
    Hosts File
    How to Preload the Client Resolver Cache by Using a Hosts File

    The Host Name Resolution Process

    Host name resolution is the process of resolving a host name to an IP address.

    [Diagram, steps 1 to 3: the question "What is the IP address for Salescomputer2?"; the sources Client Resolver Cache, DNS, Hosts File, NetBIOS Name Cache, WINS, Broadcast, Lmhosts File; the answer 192.168.1.35 for Salescomputer2]

    Client Resolver Cache

    The client resolver cache is a location in memory that stores host names that have recently been resolved to IP addresses. It also stores host name-to-IP address mappings loaded from the Hosts file

    [Diagram: Computer1; Hosts File; resolved host names from the DNS server]

    How to View and Flush the Client Resolver Cache

    Display a client resolver cache by using the Ipconfig command
    Flush a client resolver cache by using the Ipconfig command

    Hosts File

    The Hosts file is a static file that is maintained on the local computer and that is used to load host name-to-IP address mappings into the client resolver cache

    [Diagram: Computer1, Hosts File]

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97     rhino.acme.com     # source server
    # 38.25.63.10      x.acme.com         # x client host

    127.0.0.1          localhost

    Lesson 6: Static Name Resolution

    Overview

    Using an Lmhosts File
    Guidelines for Configuring a Client to Use Lmhosts
    Using a Hosts File

    Using an Lmhosts File

    Add an entry to the client Lmhosts file

    [Diagram: (1) "What is the IP address for london?"; (2) 192.168.2.200]

    Lmhosts File:
    127.0.0.1       localhost
    131.107.34.1    router
    192.168.2.200   london

    Using a Hosts File

    Add an entry to the client Hosts file

    [Diagram: Client; (1) "What is the IP address for s1?"; (2) 172.30.45.121]

    Hosts File:
    127.0.0.1       localhost
    131.107.34.1    router
    172.30.45.121   server1.central.microsoft.com s1

    Lesson 7: Dynamic Name Resolution

    Overview

    What Is WINS?
    What Is DNS?
    The DNS Suffix

    What is WINS

    1. Queries a WINS Server
    2. Determines if name is in use or not
    3. If not in use, then registers the NetBIOS name and associated IP address

    [Diagram: Payroll; WINS Server; NetBIOS Name Registration Query; OK]

    What is DNS

    [Diagram: DNS namespace tree with the labels Root domain ( . Root), Parent domain and Child domain, and the nodes Org, Com, Edu, other top-level domains, Contoso, printserver, payroll, accounts]

    FQDN: printserver.contoso.com.

    DNS suffix

    FQDN: corp05.contoso.com. (Host Name + DNS Suffix)
    FQDN: corp01.sales.contoso.com. (Host Name + DNS Suffix)

    corp01 = 192.168.0.67
    corp05 = 192.168.0.66

    [Diagram: namespace tree with the nodes . Root, com, contoso, sales]

    Summary: How Client Names Are Resolved

    1. Enter command
    2. DNS name cache
    3. DNS Server
    4. Hosts File
    5. NetBIOS name cache
    6. WINS Server
    7. Broadcast
    8. Lmhosts File

    Name is resolved

    Practice

    1. Use Ipconfig to manage the DNS client cache
    2. Configure a client to resolve names using DNS
    3. Configure host name resolution
    4. Configure NetBIOS name resolution

    Practice

    1. How to add an entry to the client Lmhosts file
    2. How to add an entry to the client Hosts file
    3. How to preload a NetBIOS name cache by using an Lmhosts file
    4. How to preload the client resolver cache by using a Hosts file

    Chapter 2: Domain Name System

    Lessons

    Lesson 1: Domain Name System (DNS)
    Lesson 2: Configuring the Properties for the DNS Server Service
    Lesson 3: Configuring DNS Zones
    Lesson 4: Configuring DNS Zone Transfers
    Lesson 5: Configuring DNS Dynamic Updates
    Lesson 6: Configuring a DNS Client
    Lesson 7: Delegating Authority for Zones

    Lesson 1: Domain Name System

    Overview

    What is DNS
    DNS Hierarchy
    What is a Domain Namespace
    What is InterNIC
    History of DNS
    The Role of DNS in the Network Infrastructure
    Standards for DNS Naming
    Install the DNS Server Service

    DNS Hierarchy

    DNS is organized into hierarchical domains

    DNS Root Servers are positioned at the top of the DNS hierarchy. They maintain data about each of the top-level zones.

    Top-level Domain Servers exist for arpa, com and edu etc.

    Local name servers are maintained by individual organizations

    What is a Domain Namespace

    [Diagram: domain namespace tree. Root Domain; Top-Level Domain: com, org, net; Second-Level Domain: nwtraders; Subdomains: west, south, east, sales; Host: server1]

    FQDN: server1.sales.south.nwtraders.com

    What is a Domain Namespace

    The domain namespace is a hierarchical naming tree that DNS uses to identify and locate a given host in a given domain relative to the root of the tree

    Domain: in DNS, any tree or subtree within the overall domain namespace.

    Root domain: this is the root node of the DNS tree

    Top-level domain: this is stated as a two or three-character name code that identifies either organizational or geographical status. This is the highest-level domain in the Internet's DNS hierarchy.

    Second-level domain: this is the level immediately beneath the top-level domain in the Internet's DNS hierarchy. This is a unique name that InterNIC formally registers to an individual or organization that connects to the Internet.

    Subdomain: this is a subdivision of a larger domain. For example: mail.yahoo.com is a subdomain of yahoo.com

    What is InterNIC

    InterNIC is the Internet Network Information Center

    The InterNIC manages the root, or the highest level of the domain namespace.

    Go to http://www.internic.net for more information about InterNIC

    History of DNS

    DNS began in the early days of the Internet

    DNS was introduced in 1984 and became this new system

    The Role of DNS in the Network Infrastructure

    Explain the role and benefits of DNS in the network infrastructure
    Define the key components of DNS
    Discuss the DNS domain namespace
    Discuss DNS zones and zone transfer
    Discuss DNS name servers
    Explain how the host name resolution process works
    Explain forward lookup queries

    Standards for DNS Naming

    The following characters are valid for DNS names:

    A-Z
    a-z
    0-9
    Hyphen (-)

    The underscore (_) is a reserved character

  • 8/13/2019 Mang May Tinh NC_Slides_2

    94/441

    Install the DNS Server Service

    Lesson 2: Configuring the Properties for the DNS Server Service

    Overview

    What are the Components of a DNS Solution

    What is a DNS Query

    How Recursive Queries Work

    How a Root Hint Works

    How Iterative Queries Work

    How Forwarders Work

    How DNS Server Caching Works

    How to Configure the Properties for the DNS Server Service


    What are The Components of a DNS Solution

    [Figure: DNS clients, DNS servers, and DNS servers on the Internet (root ".", .com, .edu), with their resource records]

    The components of DNS:

    DNS server: A computer running the DNS service

    DNS client: A computer running the DNS client service

    DNS resource records: Entries in the DNS database that map host names to resources


    How is the DNS Query

    DNS clients and DNS servers both initiate queries for name resolution

    An authoritative DNS server for the namespace of the query will either:

    Check the cache, check the zone, and return the requested IP address

    Return an authoritative "No"

    A non-authoritative DNS server for the namespace of the query will either:

    Forward the unresolvable query to a specific query server called a forwarder

    Use root hints to locate an answer for the query

    A query is a request for name resolution to a DNS server. There are two types of queries: recursive and iterative


    How Recursive Queries Work

    A recursive query is a query made to a DNS server, in which the DNS client asks the DNS server to provide a complete answer to the query

    [Figure: Computer1 sends a recursive query for mail1.nwtraders.com to the local DNS server; the DNS server checks the forward lookup zone and cache (database) for an answer to the query and returns 172.16.64.11]


    The following steps describe how a recursive query works:

    The client sends a recursive query to the local DNS server

    The local DNS server checks the forward lookup zone and cache for an answer to the query

    If the answer to the query is found, then the DNS server returns the answer to the client.

    If an answer is not found, then the DNS server uses a forwarder address or root hints to locate an answer.


    How a Root Hint Works

    Root hints are DNS resource records stored on a DNS server that list the IP addresses for the DNS root servers

    [Figure: Computer1, its DNS server with root hints, the cluster of root (.) servers, and the clusters of DNS servers for com and microsoft]

    Root hints are stored in the file Cache.dns, located in %systemroot%\system32\dns

    How Iterative Queries Work


    An iterative query is a query made to a DNS server in which the DNS client requests the best answer that the DNS server can provide without seeking further help from other DNS servers. The result of an iterative query is often a referral to another DNS server lower in the DNS tree

    [Figure: Computer1 queries the local DNS server, which sends iterative queries (1, 2, 3) to the root hint (.) server, the .com server and the nwtraders.com server; the root server's reply is "Ask .com"]

    How Forwarders Work

    A forwarder is a DNS server designated by other internal DNS servers to forward queries for resolving external or offsite DNS domain names

    [Figure: Computer1 queries the local DNS server, which passes the query to the forwarder; the forwarder sends iterative queries to the root hint (.) server (reply: "Ask .com"), the .com server and the nwtraders.com server]

    How DNS Server Caching Works


    Caching is the process of temporarily storing recently accessed information in a special memory subsystem for quicker access

    [Figure: Client1 and Client2 each ask "Where's Client A?"; the answer to both is "ClientA is at 192.168.8.44"]

    Caching Table

    Host Name                IP Address      TTL
    clientA.contoso.msft.    192.168.8.44    28 seconds
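The resolution path described in the slides above (zone, then cache, then a forwarder or root hints with iterative referrals) can be traced in a small in-memory model. This is an added example, not part of the original slides; the classes `AuthServer` and `LocalDNSServer`, the function `build_demo`, the referral limit and the reuse of the 28-second TTL for mail1.nwtraders.com are assumptions made for illustration.

```python
"""Toy model of DNS resolution: zone -> cache -> forwarder or root hints."""

MAX_REFERRALS = 8  # assumed bound so a referral loop cannot keep the server busy


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.lower().rstrip(".")


class AuthServer:
    """Answers iterative queries: its own record, a referral, or nothing."""

    def __init__(self, zone_name, records=None, delegations=None):
        self.zone_name = zone_name
        self.records = {norm(k): v for k, v in (records or {}).items()}
        self.delegations = {norm(k): v for k, v in (delegations or {}).items()}
        self.queries = 0  # counts how often this server was asked

    def iterative_query(self, fqdn):
        self.queries += 1
        if fqdn in self.records:
            return "answer", self.records[fqdn]          # (ip, ttl)
        # The longest matching delegated suffix is the best referral.
        for suffix in sorted(self.delegations, key=len, reverse=True):
            if fqdn == suffix or fqdn.endswith("." + suffix):
                return "referral", self.delegations[suffix]
        return "nxdomain", None


class LocalDNSServer:
    """Accepts recursive queries from clients and returns a complete answer."""

    def __init__(self, zone, root_hints, forwarder=None):
        self.zone = {norm(k): v for k, v in zone.items()}  # fqdn -> (ip, ttl)
        self.root_hints = root_hints                       # root AuthServers
        self.forwarder = forwarder                         # LocalDNSServer or None
        self.cache = {}                                    # fqdn -> (ip, expires_at)

    def recursive_query(self, name, now):
        ip, _ttl, source = self._resolve(norm(name), now)
        return ip, source

    def _resolve(self, fqdn, now):
        if fqdn in self.zone:                      # 1. forward lookup zone
            ip, ttl = self.zone[fqdn]
            return ip, ttl, "zone"
        cached = self.cache.get(fqdn)              # 2. cache, honouring the TTL
        if cached is not None:
            ip, expires_at = cached
            if expires_at > now:
                return ip, expires_at - now, "cache"
            del self.cache[fqdn]                   # expired entries are dropped
        if self.forwarder is not None:             # 3a. hand off to the forwarder
            ip, ttl, _ = self.forwarder._resolve(fqdn, now)
            source = "forwarder"
        else:                                      # 3b. walk down from the root
            ip, ttl = self._iterate(fqdn)
            source = "root hints"
        if ip is None:
            return None, 0, "not found"
        self.cache[fqdn] = (ip, now + ttl)
        return ip, ttl, source

    def _iterate(self, fqdn):
        server = self.root_hints[0]
        for _ in range(MAX_REFERRALS):
            kind, data = server.iterative_query(fqdn)
            if kind == "answer":
                return data
            if kind != "referral":
                break
            server = data                          # "Ask .com", then the next zone
        return None, 0


def build_demo():
    """Constructed hierarchy using the names and addresses shown on the slides."""
    nwtraders = AuthServer("nwtraders.com",
                           records={"mail1.nwtraders.com": ("172.16.64.11", 28)})
    com = AuthServer("com", delegations={"nwtraders.com": nwtraders})
    root = AuthServer(".", delegations={"com": com})
    local = LocalDNSServer({"clientA.contoso.msft": ("192.168.8.44", 28)}, [root])
    branch = LocalDNSServer({}, [root], forwarder=local)  # uses `local` as forwarder
    return root, com, nwtraders, local, branch


if __name__ == "__main__":
    root, com, nwtraders, local, branch = build_demo()
    for when in (0, 10, 28):
        print(when, local.recursive_query("mail1.nwtraders.com", when))
    print(30, branch.recursive_query("mail1.nwtraders.com", 30))
```

The query counters on the root, .com and nwtraders.com servers show how the cache keeps repeated lookups away from the Internet servers until the TTL runs out.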

    How to Configure Properties for the DNS Server Service


    Update root hints on a DNS server

    Configure a DNS server to use a forwarder

    Clear the DNS server cache by using the DNS console

    Clear the DNS server cache by using the DNSCmd command

    Lesson 3: Configuring DNS Zones

    Overview

    How DNS Data Is Stored and Maintained

    What Are Resource Records and Record Types

    What Is a DNS Zone

    What Are DNS Zone Types

    How to Change a DNS Zone Type

    What Are Forward and Reverse Lookup Zones

    How to Configure Forward and Reverse Lookup Zones

    How DNS Data is Stored and Maintained


    [Figure: a DNS server holding the zone file Training.nwtraders.msft.dns for the namespace training.nwtraders.msft, with DNS ClientA, DNS ClientB and DNS ClientC]

    Resource records for the zone training.nwtraders.msft

    Host name      IP address
    DNS ClientA    192.168.2.45
    DNS ClientB    192.168.2.46
    DNS ClientC    192.168.2.47

    A resource record (RR) is a standard DNS database structure containing information used to process DNS queries

    A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS namespace

    What Are Resource Records and Record Types


    Record type    Description
    A              Resolves a host name to an IP address
    PTR            Resolves an IP address to a host name
    SOA            The first record in any zone file
    SRV            Resolves names of servers providing services
    NS             Identifies the DNS server for each zone
    MX             The mail server
    CNAME          Resolves from a host name to a host name

    What is a DNS Zone


    [Figure: the Nwtraders domain tree, with the nodes North, West, South, Sales, Support and Training]

    What Are DNS Zone Types


    Zones        Description
    Primary      Read/write copy of a DNS database
    Secondary    Read-only copy of a DNS database
    Stub         Copy of a zone containing limited records

    What Are Forward and Reverse Lookup Zones

    Namespace: training.nwtraders.msft.

    [Figure: a DNS server authorized for training answers the query "DNS Client2 = ?" from its forward zone and the query "192.168.2.46 = ?" from its reverse zone, for DNS Client1, DNS Client2 and DNS Client3]

    Forward zone: Training

    DNS Client1    192.168.2.45
    DNS Client2    192.168.2.46
    DNS Client3    192.168.2.47

    Reverse zone: 1.168.192.in-addr.arpa

    192.168.2.45    DNS Client1
    192.168.2.46    DNS Client2
    192.168.2.47    DNS Client3

    Forward Lookup Zone


    Reverse Lookup Zone


    How to Configure Forward and Reverse Lookup Zones


    Configure a forward lookup zone on a primary zone type

    Configure a forward lookup stub zone

    Configure a forward lookup zone on a secondary zone type

    Configure a reverse lookup zone on a primary zone type

    Configure a reverse lookup zone on a secondary zone type

    Lesson 4: Configuring DNS Zone Transfers

    How DNS Zone Transfers Work

    How DNS Notify Works

    How to Configure DNS Zone Transfers

    How DNS Zone Transfers Work

    A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers

    [Figure: exchange between the secondary server and the primary and master server]

    1. SOA query for a zone
    2. SOA query answered
    3. IXFR or AXFR query for a zone
    4. IXFR or AXFR query answered (zone transfer)

    How DNS Notify Works

    A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur

    [Figure: steps 1 to 4 between the source server (primary and master server) and the destination server (secondary server): resource record is updated, SOA serial number is updated, DNS notify, zone transfer]
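The zone transfer and DNS notify slides above both hinge on the SOA serial number: the secondary compares serials before it asks for an IXFR or AXFR. The following is an added example, not part of the original slides; the classes `PrimaryZone` and `SecondaryZone`, the journal depth, the wrap-around serial comparison (RFC 1982 arithmetic) and the records for clientd onward are assumptions or constructed values.

```python
"""Secondary-side refresh logic: SOA check first, then IXFR or AXFR."""

MOD = 2 ** 32  # SOA serial numbers are 32-bit counters that wrap around


def serial_newer(candidate, current):
    """True if `candidate` is ahead of `current` in wrap-around arithmetic."""
    return 0 < (candidate - current) % MOD < 2 ** 31


class PrimaryZone:
    def __init__(self, records, serial, journal_depth=3):
        self.records = dict(records)
        self.serial = serial
        self.journal = []                 # recent changes: (serial, owner, address)
        self.journal_depth = journal_depth
        self.notify_list = []             # secondaries to notify on change

    def update(self, owner, address):
        """Resource record updated -> SOA serial updated -> DNS notify."""
        if address is None:
            self.records.pop(owner, None)
        else:
            self.records[owner] = address
        self.serial = (self.serial + 1) % MOD
        self.journal.append((self.serial, owner, address))
        self.journal = self.journal[-self.journal_depth:]
        for secondary in self.notify_list:
            secondary.on_notify(self)

    def answer_soa(self):
        return self.serial

    def answer_transfer(self, have_serial):
        """Incremental transfer only if the journal reaches back far enough."""
        changes = [c for c in self.journal
                   if have_serial is not None and serial_newer(c[0], have_serial)]
        if changes and changes[0][0] == (have_serial + 1) % MOD:
            return "IXFR", changes
        return "AXFR", dict(self.records)


class SecondaryZone:
    def __init__(self):
        self.records = {}
        self.serial = None                # None until the first full transfer
        self.log = []

    def refresh(self, primary):
        """Steps 1 to 4 of the transfer slide, from the secondary's side."""
        primary_serial = primary.answer_soa()            # steps 1 and 2
        if self.serial is not None and not serial_newer(primary_serial, self.serial):
            self.log.append("up to date")
            return "none"
        kind, data = primary.answer_transfer(self.serial)  # steps 3 and 4
        if kind == "IXFR":
            for _serial, owner, address in data:
                if address is None:
                    self.records.pop(owner, None)
                else:
                    self.records[owner] = address
        else:
            self.records = data
        self.serial = primary_serial
        self.log.append(kind)
        return kind

    def on_notify(self, primary):
        # A notify is only a hint: the secondary still compares serials itself.
        return self.refresh(primary)


if __name__ == "__main__":
    primary = PrimaryZone({"clienta": "192.168.2.45", "clientb": "192.168.2.46",
                           "clientc": "192.168.2.47"}, serial=1)
    secondary = SecondaryZone()
    print(secondary.refresh(primary))              # first contact: full transfer
    primary.notify_list.append(secondary)
    primary.update("clientd", "192.168.2.48")      # constructed record
    print(secondary.log, secondary.serial)
```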

    Lesson 5: Configuring DNS Dynamic Updates

    Overview

    What Are Dynamic Updates

    How DNS Clients Register and Update Their Own Resource Records by Using Dynamic Updates

    How a DHCP Server Registers and Updates Resource Records by Using Dynamic Updates

    How to Configure DNS Manual and Dynamic Updates

    What Is an Active Directory-Integrated DNS Zone

    How Active Directory-Integrated DNS Zones Use Secure Dynamic Updates

    How to Configure Active Directory-Integrated DNS Zones to Allow Secure Dynamic Updates

    What Are Dynamic Updates

    A dynamic update is the process of a DNS client dynamically creating, registering, or updating its records in zones that are maintained by DNS servers that can accept and process messages for dynamic updates

    A manual update is the process of an administrator manually creating, registering, or updating the resource record

    Dynamic update enables DNS client computers to interact automatically with the DNS server to register and update their own resource records

    Organizations that have dynamic changes can benefit from the dynamic method of updating DNS resource records

    Organizations may benefit from manual update if they:

    Are in a smaller environment that has few changes to their resource records

    Have isolated instances, such as when a larger organization chooses to control every address on every host.

    How DNS Clients Register and Update Their Own Resource Records by Using Dynamic Updates


    [Figure: DNS clients running Windows Server 2003, Windows XP and Windows 2000 exchange steps 1 to 5 with the DNS server that holds the resource records]

    1. Client sends SOA query
    2. DNS server sends zone name and server IP address
    3. Client verifies existing registration
    4. DNS server responds by stating that registration does not exist
    5. Client sends dynamic update to DNS server

    How a DHCP Server Registers and Updates Resource Records by Using Dynamic Updates


    [Figure: a DHCP down-level client obtains an IP address lease from a server running Windows Server 2003 with DHCP, which updates the resource records on the DNS server]

    1. DHCP client makes an IP lease request
    2. DHCP server grants IP lease
    3. DHCP server automatically generates the client's FQDN
    4. Using dynamic update, the DHCP server updates the DNS forward and reverse records for the client

    A down-level client is a DHCP client running Windows NT 4.0 or earlier. Down-level clients are unable to register or update their resource records in DNS on their own

    Administrators can configure DHCP servers running Windows Server 2003 and Windows 2000 to update DNS client resource records for the following client types:

    Any down-level DHCP clients that do not request dynamic updates.

    Any DHCP client, including those that are running Windows XP and Windows 2000, regardless of whether it requests a dynamic update.

    Process of performing dynamic updates for a down-level client

    The DHCP client makes an IP lease request

    The DHCP server grants an IP lease

    The DHCP server automatically generates the client's FQDN by appending the domain name that is defined for the DHCP scope to the client name. The client name is obtained from the DHCPREQUEST message that the client sends

    Using the dynamic update protocol, the DHCP server updates the:

    DNS forward (A) name for the client

    DNS reverse (PTR) name for the client

    Process of performing dynamic updates for a Windows XP client

    The DHCP client makes an IP lease request that includes the client FQDN in option 81 of the DHCP request

    The DHCP server grants an IP lease

    The client connects to the DNS server to update the A record for itself

    The DHCP server updates the DNS reverse (PTR) name for the client by using the dynamic update protocol

    How to Configure DNS Manual and Dynamic Updates


    Configure a DNS server running Windows Server 2003 to accept dynamic updates of DNS resource records

    Configure a Windows XP Professional client to dynamically update its DNS resource records in DNS

    Configure a DHCP server running Windows Server 2003 to dynamically update DNS resource records in DNS on behalf of DHCP clients

    Manually create a DNS resource record

    Dynamic updates are supported on primary DNS zones

    You need to choose and configure one or both of the following options.

    To use a DNS client for dynamic updates, configure the:

    DNS server to accept dynamic updates

    DNS clients to create dynamic updates for themselves

    To use a DHCP server for dynamic updates, configure the:

    DNS server to accept dynamic updates

    DHCP server to create dynamic updates on behalf of the DHCP clients

    To manually create a DNS resource record, you need to add a host (A) resource record to a forward lookup zone

    What is an Active Directory-Integrated DNS Zone

    An Active Directory-integrated DNS zone is a DNS zone stored in Active Directory

    DNS zone type: Non Active Directory-integrated zone
    Benefit:
    Does not require Active Directory

    DNS zone type: Active Directory-integrated zone
    Benefit:
    Stores DNS zone data in Active Directory and is thus more secure
    Uses Active Directory replication instead of zone transfers
    Allows only secure dynamic updates
    Uses multi-master instead of single master structure

    How Active Directory-Integrated DNS Zones Use Secure Dynamic Updates

    A secure dynamic update is a process in which a client submits a dynamic update request to a DNS server, and the server attempts the update only if the client can prove its identity and has the proper credentials to make the update

    [Figure: a DNS client running Windows XP, the local DNS server, and a domain controller with an Active Directory-integrated DNS zone; labelled steps "Find authoritative server" and "Result"]

    How to Configure Active Directory-Integrated DNS Zones to Allow Secure Dynamic Updates Only


    Configure Active Directory-integrated DNS zones to allow secure dynamic updates

    Configure security on an Active Directory-integrated DNS zone

    Lesson 6: Configuring a DNS Client

    How Preferred and Alternate DNS Servers Work

    How Suffixes Are Applied

    How to Configure a DNS Client

    How Preferred and Alternate DNS Servers Work

    1. The preferred DNS server is the one that the client tries first

    2. If the preferred server fails, the client tries the alternate DNS server

    3. Optionally, you can enter a whole list of alternate DNS servers

    4. The preferred and alternate DNS servers specified on the Properties page automatically appear at the top of this list, and preferred and alternate servers are queried in the order they are listed

    How Suffixes Are Applied


    [Figure: suffix selection option, domain suffix search list and connection-specific suffix. For the name query "server1", the names tried are server1.sales.south.nwtraders.com, server1.south.nwtraders.com and server1.nwtraders.com]

    How to Configure a DNS Client


    Manually configure a DNS client to use preferred and alternate DNS servers

    Configure the DNS server option and the DNS suffix option in DHCP

    DNS


    Cached Lookup


    Resolve name

    Lesson 7: Delegating Authority for Zones

    Overview

    What Is Delegation of a DNS Zone?

    How to Delegate a Subdomain to a DNS Zone

    What Is Delegation of a DNS Zone

    [Figure: DNS servers for the namespace training.nwtraders.msft]

    Delegation is the process of assigning authority over child domains in your DNS namespace to another entity by adding records in the DNS database

    The administrator, at the nwtraders.com level of the namespace, delegates authority for training.nwtraders.com and offloads administration of DNS for that part of the namespace

    Training.nwtraders.com now has its own administrator and DNS server to resolve queries in that part of the namespace/organization

    Practice

    1. Install the DNS Server service
    2. Configure DNS zones
    3. Resolve host names by using DNS
    4. Configure a DNS client

    Practice

    1. Update root hints on a DNS server
    2. Configure a DNS server to use a forwarder
    3. Clear the DNS server cache by using the DNS console
    4. Clear the DNS server cache by using the DNSCmd command

    Practice

    1. Configure a forward lookup zone on a primary zone type
    2. Configure a forward lookup stub zone
    3. Configure a forward lookup zone on a secondary zone type
    4. Configure a reverse lookup zone on a primary zone type and a secondary zone type

    Practice

    1. Configure a DNS server running Windows Server 2003 to accept dynamic updates of DNS resource records
    2. Configure a Windows XP Professional client to dynamically update its DNS resource records in DNS
    3. Configure a DHCP server running Windows Server 2003 to dynamically update DNS resource records in DNS on behalf of DHCP clients
    4. Manually create a DNS resource record

    Practice

    1. Configure DNS dynamic updates
    2. How to delegate a sub-domain to a DNS zone
    3. How to change a DNS zone type
    4. How to configure a DNS zone transfer and DNS notify

    Chapter 3: Routing and Remote Access

    Lessons

    Lesson 1: Basic Concepts

    Lesson 2: Routing

    Lesson 3: Routing and Remote Access on Windows 2003 Server

    Lesson 4: Configuring Packet Filters

    Lesson 1: Basic Concepts

    Overview

    Using a Default Gateway

    What is a Router

    How the Computer Determines Whether an IP Address is a Local or Remote Address

    Using a Default Gateway

    The default gateway:

    Routes packets to other networks

    Is used when the internal routing table on the host has no information on the destination subnet

    When you use a default gateway:

    DHCP automatically delivers the IP address for the default gateway to the client

    To configure the client manually for the default gateway, use the General tab on the Network Connections Properties page

    What is a Router

    A router is an intermediate system at the network layer that is used to connect networks together based on a common network layer protocol

    Router types       Example
    Hardware router    A device that performs routing as a dedicated function
    Software router    A router that is not dedicated to performing routing only, but performs routing as one of multiple processes running on the router computer

    Main routing components include:

    Routing interface

    Routing protocol

    Routing table

    [Figure: routers A, B, C and D, showing communication path A-B-D and communication path A-C-D]

    How the Computer Determines Whether an IP Address Is a Local or Remote Address

    The local and destination hosts' IP addresses are each ANDed with their subnet masks:

    1 AND 1 = 1

    Other combinations = 0

    If the AND results of the source and destination hosts match, the destination is local

    IP address     10011111 11100000 00000111 10000001
    Subnet mask    11111111 11111111 00000000 00000000
    Result         10011111 11100000 00000000 00000000
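The AND comparison above, together with the default gateway rule from the earlier slide, gives the host's forwarding decision. This is an added example, not part of the original slides; the function names, the destination addresses and the gateway address 159.224.0.1 are constructed, while the IP address and subnet mask are the ones shown in binary on the slide.

```python
"""Local-or-remote decision: AND both addresses with the subnet mask."""
import ipaddress


def parse(addr):
    """Accept dotted decimal or four space-separated binary octets (slide notation)."""
    parts = addr.split()
    if len(parts) == 4 and all(len(p) == 8 and set(p) <= {"0", "1"} for p in parts):
        addr = ".".join(str(int(p, 2)) for p in parts)
    return ipaddress.IPv4Address(addr)


def binary(addr):
    """Render an address the way the slide does, as four 8-bit groups."""
    return " ".join(f"{octet:08b}" for octet in addr.packed)


def check_mask(mask):
    """A subnet mask must be a run of 1 bits followed by a run of 0 bits."""
    host_bits = ~int(mask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")


def network_id(ip, mask):
    """Bitwise AND: 1 AND 1 = 1, every other combination = 0."""
    return ipaddress.IPv4Address(int(ip) & int(mask))


def next_hop(local_ip, subnet_mask, destination, default_gateway=None):
    """Return ("local", destination) or ("remote", default gateway)."""
    local, mask, dest = parse(local_ip), parse(subnet_mask), parse(destination)
    check_mask(mask)
    if network_id(local, mask) == network_id(dest, mask):
        return "local", str(dest)            # same subnet: deliver directly
    if default_gateway is None:
        raise LookupError("remote destination and no default gateway configured")
    gateway = parse(default_gateway)
    # A gateway outside the local subnet can never be reached directly,
    # so a host configured this way cannot leave its own network.
    if network_id(gateway, mask) != network_id(local, mask):
        raise ValueError("default gateway is not on the local subnet")
    return "remote", str(gateway)


if __name__ == "__main__":
    ip = parse("10011111 11100000 00000111 10000001")       # 159.224.7.129
    mask = parse("11111111 11111111 00000000 00000000")     # 255.255.0.0
    print(ip, mask, binary(network_id(ip, mask)))
    print(next_hop("159.224.7.129", "255.255.0.0", "159.224.200.5", "159.224.0.1"))
    print(next_hop("159.224.7.129", "255.255.0.0", "159.225.0.9", "159.224.0.1"))
```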

    Lesson 2: Routing

    Overview

    The Role of Routing in the Network Infrastructure

    What is a Routing Interface

    What is a Routing Protocol

    What Is Static and Dynamic Routing

    What is a Routing Table

    How the IP Protocol Selects a Route

    The Role of Routing in the Network Infrastructure

    Routing is the process of transferring data across an internetwork

    [Figure: Subnet 1, Subnet 2 and Subnet 3 connected by Router A and Router B]

    Describe how routing fits into the network infrastructure

    Explain the difference between local and remote routing

    Describe how the Microsoft routing solution fits into the network infrastructure

    What is a Routing Interface

    A routing interface is an interface over which IP packets are forwarded

    Two types of routing interfaces:

    LAN

    Demand-dial

    Chapter 4: Dynamic Host Configuration Protocol

    Lessons

    Lesson 1: What is DHCP

    Lesson 2: Adding and Authorizing a DHCP Server Service

    Lesson 3: Configuring a DHCP Scope and DHCP Reservation

    Lesson 4: DHCP Options

    Lesson 5: Configuring a DHCP Relay Agent

    Lesson 6: Configuring a client

    Lesson 7: Using Alternate Configuration

    Lesson 8: Managing a DHCP Database

    Lesson 9: Monitoring DHCP

    Lesson 10: Applying Security Guidelines for DHCP

    Lesson 1: What is DHCP

    How DHCP Allocates IP Addresses

    IP addresses and options are sent from the DHCP server in response to a request from a DHCP client

    [Figure: a non-DHCP client and DHCP clients on a network with a DHCP server; the DHCP database holds IP Address1, IP Address2, IP Address3, ... IP AddressN, and IP Address1 and IP Address2 go to the DHCP clients]

    How DHCP Allocates IP Addresses (cont)

    [Figure: lease generation and lease renewal between the DHCP server and its clients. DHCP Client1 and DHCP Client2 receive their IP configuration from the DHCP server; the non-DHCP client has a static IP configuration]

    DHCP database

    IP Address1: Leased to DHCP Client1
    IP Address2: Leased to DHCP Client2
    IP Address3: Available to be leased

    How the DHCP Lease Generation Process Works

    [Figure: a DHCP client, DHCP Server 1 and DHCP Server 2]

    1. DHCP client broadcasts a DHCPDISCOVER packet
    2. DHCP servers broadcast a DHCPOFFER packet
    3. DHCP client broadcasts a DHCPREQUEST packet
    4. DHCP Server 1 broadcasts a DHCPACK packet

    A DHCPDISCOVER packet

    This is a message that DHCP clients send the first time that they attempt to log on to the network and request IP address information from a DHCP server.

    A DHCPOFFER packet

    This is a message that DHCP servers use to offer the lease of an IP address to a DHCP client. If the client does not receive an offer after four requests, it uses an IP address in the reserved range from 169.254.0.1 to 169.254.255.254.

    A DHCPREQUEST packet

    This is a message that a client sends to the DHCP server to request or renew the lease of the client's IP address.

    A DHCPACK packet

    This is a message that the DHCP server sends to a client to acknowledge and complete a client's request for leased configuration.

    This message contains a valid lease for the IP address and other IP configuration data.

    Important

    DHCP servers and clients communicate by using User Datagram Protocol (UDP) ports 67 and 68.

    How the DHCP Lease Renewal Process Works

    [Figure: a DHCP client, DHCP Server1 and DHCP Server2, with markers at 50%, 87.5% and 100% of the lease duration expired]

    1. DHCP client sends a DHCPREQUEST packet
    2. DHCP Server1 sends a DHCPACK packet

    If the client fails to renew its lease after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired

    If the client fails to renew its lease after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER
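The renewal timeline above can be walked through as a client-side sequence of events. This is an added example, not part of the original slides; the function `run_lease`, the `retry_gap` spacing between DHCPDISCOVER retries, and the reading that lease generation starts over when the lease reaches 100% are assumptions, while the 50% and 87.5% points, the four requests and the 169.254 range come from the slides.

```python
"""One DHCP lease from the client's side: renew at 50%, retry at 87.5%, restart at 100%."""

RENEW_POINTS = (0.5, 0.875)   # fractions of the lease duration, as on the slide
DISCOVER_ATTEMPTS = 4         # requests sent before the client gives up on an offer
AUTOCONFIG_RANGE = "169.254.0.1-169.254.255.254"


def run_lease(lease_seconds, server_answers, retry_gap=60):
    """Walk one lease from the moment it is granted (t = 0 seconds).

    server_answers(t) -> bool tells whether a DHCP server replies at time t.
    retry_gap is an assumed spacing, in seconds, between DHCPDISCOVER retries.
    Returns (outcome, time, events); each event is (time, sent, received).
    """
    if lease_seconds <= 0:
        raise ValueError("lease duration must be positive")
    events = []
    # Renewal: the client asks for its existing lease to be extended.
    for fraction in RENEW_POINTS:
        t = lease_seconds * fraction
        if server_answers(t):
            events.append((t, "DHCPREQUEST", "DHCPACK"))
            return "renewed", t, events
        events.append((t, "DHCPREQUEST", None))
    # Lease expired: the address is given up and lease generation starts over.
    t = float(lease_seconds)
    for _ in range(DISCOVER_ATTEMPTS):
        if server_answers(t):
            events.append((t, "DHCPDISCOVER", "DHCPOFFER"))
            events.append((t, "DHCPREQUEST", "DHCPACK"))
            return "new lease", t, events
        events.append((t, "DHCPDISCOVER", None))
        last_try = t
        t += retry_gap
    # No offer after four requests: fall back to the reserved range.
    return "autoconfigured " + AUTOCONFIG_RANGE, last_try, events


def outage(start, end):
    """Constructed availability model: the server is silent in [start, end)."""
    return lambda t: not (start <= t < end)


if __name__ == "__main__":
    for name, answers in (("healthy", outage(0, 0)),
                          ("down at 50%", outage(1000, 3000)),
                          ("down past expiry", outage(1000, 3700)),
                          ("gone", outage(0, float("inf")))):
        outcome, when, events = run_lease(3600, answers)
        print(f"{name:18} {outcome:45} at {when:7.1f}s after {len(events)} message(s)")
```

A DHCP outage that ends before the 87.5% point is invisible to users; one that lasts past expiry plus the discover retries leaves clients on 169.254 addresses, which is a useful symptom to look for when monitoring.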

    Lesson 2: Adding and Authorizing a DHCP Server Service

    Install a DHCP Server Service

    Prepare to add a DHCP Server service:

    Assign a static IP address to the DHCP server

    Be logged on as an administrator

    Add a DHCP Server service:

    Install the DHCP service using Control Panel, Add or Remove Programs

    Install the DHCP service using Administrative Tools, Configure Your Server Wizard


    Lesson 3: Configuring a DHCP Scope and DHCP Reservation

    DHCP Scope

    A scope is a range of IP addresses that are available to be leased

    [Figure: a DHCP server serving LAN A from Scope A and LAN B from Scope B]

    Scope Properties

    Network ID
    Subnet mask
    Network IP address range
    Lease duration
    Router
    Scope name
    Exclusion range

    Lesson 3: Configuring a DHCP Scope and DHCP Reservation

    DHCP Scope

    Scope property

    Network ID : The Network ID for the range of IP addresses.

    S b t k Th b t k f th N t k ID

  • 8/13/2019 Mang May Tinh NC_Slides_2

    171/441

    Subnet mask : The subnet mask for the Network ID.Network IP address range : The range of IP addresses that are available toclients.

    Lease duration : The period of time that the DHCP Server holds a lease IP

    address for a client before removing the lease.

    Router: A DHCP option that allows DHCP clients to access remotenetworks.

    Scope name : An alphanumeric identifier for administrative purposes.

    Exclusion range : The range of IP addresses in the scope that are excludedfrom being leased.

    How to Configure a DHCP Scope

    Configure a DHCP scope

    IP address range

    Subnet mask

    IP address exclusions

    Lease duration interval

    Scope options

    Activate a DHCP scope

    Superscope

    A superscope expands the number of IP network addresses that you can use in a network. A superscope allows several distinct scopes to be logically grouped under a single name.

    You must have at least one scope before you create a superscope.

    Multicast Scope

    A multicast scope is a group of IP multicast network addresses that are distributed to other computers in a network.

    The valid IP address range is 224.0.0.0 to 239.255.255.255.

    DHCP Reservation

    A reservation is a specific IP address, within a scope, that is permanently reserved for leased use to a specific DHCP client.

    [Diagram: Subnet A and Subnet B with DHCP Server, Workstation 1, Workstation 2, and File and Print Server]

    IP Address1: Leased to Workstation 1

    IP Address2: Leased to Workstation 2

    IP Address3: Reserved for File and Print Server

    How to Configure a DHCP Reservation

    Configure a DHCP reservation

    Specify IP address

    MAC address of DHCP client

    Verify DHCP reservation

    Information of a Reservation

    Reservation name: Name that the administrator assigns.

    IP address: IP address from the scope for the client.

    MAC address: Client's media access control (MAC) address (entered without hyphens).

    Description: Description that the administrator assigns.

    Supported type: DHCP reservation, Boot Protocol (BOOTP) reservation, or both.

    DHCP Options

    Lesson 4: DHCP Options

    DHCP options are configuration parameters that a DHCP service assigns to clients along with the IP address and subnet mask.

    [Diagram: DHCP Server, DHCP Client]

    DHCP Client IP Configuration Data

    Client's IP address

    Client's subnet mask

    DHCP options such as:

    Router's IP address

    DNS server's IP address

    WINS server's IP address

    DNS domain name

    Levels of DHCP Options

    Level of DHCP Option: Description

    Server level: Applies to all DHCP clients that lease an IP address from the DHCP server

    Scope level: Available to clients that lease an address from that scope

    Class level (User & Vendor): Available to clients that identify themselves as belonging to a particular class

    Reserved Client level: Applies to specific clients

    DHCP Server, Scope, and Reserved Client Options

    [Diagram: DHCP Server, Router, Scope A and Scope B with Windows XP and Windows 98 clients and a File and Print Server; legend: DHCP option applied at the server level, at the scope level, and at the reserved-client level]

    DHCP Class-level Options

    [Diagram: Scope A and Scope B with Windows XP clients and Routers; legend: DHCP option applied at the class level]

    Lesson 5: Configuring a DHCP Relay Agent

    What is a DHCP Relay Agent?

    A DHCP relay agent is a computer or router configured to listen for DHCP/BOOTP broadcasts from DHCP clients and then relay those messages to DHCP servers on different subnets.

    [Diagram: DHCP Server, DHCP Relay Agent, Clients, non-RFC 1542 compliant routers, Subnet A, Subnet B; arrows labelled Broadcast and Unicast]

    How a DHCP Relay Agent Works

    [Diagram: Client1, Client2, Client3, DHCP Relay Agent, non-RFC 1542 compliant Router, DHCP Server]

    1. Client1 broadcasts a DHCPDISCOVER packet

    2. Relay agent forwards the DHCPDISCOVER message to the DHCP server

    3. Server sends a DHCPOFFER message to the DHCP relay agent

    4. Relay agent broadcasts the DHCPOFFER packet

    5. Client1 broadcasts a DHCPREQUEST packet

    6. Relay agent forwards the DHCPREQUEST message to the DHCP server

    7. Server sends a DHCPACK message to the DHCP relay agent

    8. Relay agent broadcasts the DHCPACK packet

    How a DHCP Relay Agent Uses Hop Count

    The hop count threshold is the number of routers that the packet can be transmitted through before being discarded.

    [Diagram: DHCP Relay Agent 1, DHCP Relay Agent 2, DHCP Server; Hop Count = 2]

    How a DHCP Relay Agent Uses Boot Threshold

    The boot threshold is the length of time in seconds that the DHCP Relay Agent will wait for a local DHCP server to respond to client requests before forwarding the request.

    [Diagram: Local DHCP Server, DHCP Relay Agent, DHCP Server 2, DHCP Server 3; Boot Threshold = 10 seconds]
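The relay steps and the two thresholds above, written out as an added example (not part of the original slides). It applies the thresholds to the `hops` and `secs` fields of the BOOTP/DHCP header; the addresses, the MAC, the threshold values of 4 and the function names are assumptions made for this sketch.

```python
import socket
import struct

# Fixed part of a BOOTP/DHCP message up to giaddr (RFC 951 / RFC 2131):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
HDR = struct.Struct("!BBBBIHH4s4s4s4s")
ZERO = b"\x00" * 4


def make_discover(hops, secs, giaddr=ZERO):
    """Constructed client broadcast: fixed header plus the 16-byte chaddr field."""
    chaddr = bytes.fromhex("000c29aabb01") + b"\x00" * 10  # constructed MAC
    return HDR.pack(1, 1, 6, hops, 0x3903F326, secs, 0x8000,
                    ZERO, ZERO, ZERO, giaddr) + chaddr


def relay_decision(packet, relay_ip, server_ip, hop_threshold=4, boot_threshold=4):
    """Decide what a relay agent does with one client broadcast.

    Returns (action, destination, packet_to_send), where action is
    'drop', 'wait' or 'forward'. Threshold defaults are assumed values.
    """
    if len(packet) < HDR.size:
        return "drop", None, None                 # truncated header
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi = HDR.unpack_from(packet)
    if op != 1:
        return "drop", None, None                 # only client requests go to servers
    if hops >= hop_threshold:
        return "drop", None, None                 # already crossed the allowed relays
    if secs < boot_threshold:
        return "wait", None, None                 # let a local DHCP server answer first
    if gi == ZERO:
        gi = socket.inet_aton(relay_ip)           # first relay records its own address
    header = HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags, ci, yi, si, gi)
    # Forwarded as unicast to the DHCP server on UDP port 67.
    return "forward", (server_ip, 67), header + packet[HDR.size:]


if __name__ == "__main__":
    for hops, secs in [(0, 0), (0, 10), (4, 10)]:
        action, dest, _ = relay_decision(make_discover(hops, secs),
                                         "10.0.1.1", "10.0.3.10")
        print("hops=%d secs=%d -> %s %s" % (hops, secs, action, dest or ""))
```

The server uses the relay address stamped into `giaddr` to choose the scope, which is why a second relay leaves that field unchanged.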

    How to Configure a DHCP Relay Agent

    Enable RRAS

    Add DHCP Relay Agent

    Add a routing interface

    Specify IP of DHCP server

    Apply hop count / boot threshold

    DHCP Assigned Settings on the Client

    Lesson 6: Configuring a DHCP client


    Manually Renew/Release an IP Address

    To release and renew an IP address:

    Type ipconfig /release


    Type ipconfig /renew

    To verify the address has been renewed:

    Type ipconfig /all

    Note the values for Lease Obtained and Lease Expires

    APIPA or User Configured IP Addresses

    Lesson 7: Using Alternate Configuration

    Practice

    Configure a DHCP scope

    Configure a DHCP reservation

    Configure DHCP options

    Add and authorize a DHCP Server service

    Practice

    Configure a DHCP Relay Agent

    Identify and resolve common issues when allocating IP addressing by using DHCP

    Practice

    Assign an IP address to a client (static IP, dynamic IP)

    Release and renew an IP address

    Configure an alternate configuration

    Disable APIPA

    Managing DHCP

    Lesson 8: Managing a DHCP Database

    The DHCP service needs to be managed to reflect changes in the network and the DHCP server.

    Scenarios for managing DHCP:

    Managing DHCP database growth

    Protecting the DHCP database

    Ensuring DHCP database consistency

    Adding clients

    Adding new network service servers

    Adding new subnets

    What is a DHCP Database

    The DHCP database is a dynamic database that is updated when DHCP clients are assigned or as they release their TCP/IP address leases.

    The DHCP database contains DHCP configuration data, such as information about scopes, reservations, options, and leases.

    Windows Server 2003 stores the DHCP database in the directory %Systemroot%\System32\Dhcp

    The DHCP database files include:

    DHCP.mdb

    Tmp.edb

    J50.log and J50*.log

    Res*.log

    J50.chk

    How a DHCP Database Is Backed Up and Restored

    [Diagram: DHCP Server, DHCP database, Offline Storage; arrows labelled Back up and Restore]

    In the event that the server hardware fails, the administrator can restore only from the offline storage location.

    How to Back Up and Restore a DHCP Database

    Apply guidelines when backing up and restoring a DHCP database

    Configure a DHCP database backup path

    Manually back up a DHCP database to the backup directory on a local drive

    Manually restore a DHCP database from the backup directory on a local drive

    How to Reconcile a DHCP Database

    [Diagram: the DHCP Server compares summary IP address lease information (Registry) with detailed IP address lease information (DHCP Database) to find inconsistencies, and reconciles inconsistencies in the DHCP database]

    Example

    Summary information: Client has IP address 192.168.1.34

    Detailed information: IP address 192.168.1.34 is available

    Reconciled DHCP database: Create an active lease entry

    Overview

    Lesson 9: Monitoring DHCP

    What Are DHCP Statistics?

    How to View DHCP Statistics

    What is a DHCP Audit Log File?


    How DHCP Audit Logging Works

    How to Monitor DHCP Server Performance by Using the DHCP Audit Log

    Guidelines for Monitoring DHCP Server Performance

    Common Performance Counters for Monitoring DHCP Server Performance

    Guidelines for Creating Alerts for a DHCP Server

    What Are DHCP Statistics?

    DHCP statistics represent statistics collected at either the server level or scope level since the DHCP service was last started.

    How to View DHCP Statistics

    In these procedures, you will learn how to:

    Enable DHCP statistics to automatically refresh

    View DHCP server statistics

    View DHCP scope statistics

    What is a DHCP Audit Log File?

    A DHCP audit log is a log of service-related events, such as when: the service starts and stops; authorizations have been verified; or IP addresses are leased, renewed, released, or denied.

    How DHCP Audit Logging Works

    Audit logging is the daily collection of DHCP server events into log files.

    1. DHCP opens daily audit log

    2. DHCP performs disk checks

    3. DHCP closes daily audit log

    DHCP server writes a header message in the audit log, indicating that logging has started.

    Disk checks ensure that both the ongoing availability of server disk space and the current audit log file do not become too large or grow too rapidly.

    12:00 am: DHCP server closes the existing log and moves to the log file for the next day of the week.

    DHCPSrvLog-Mon.Log

    DHCPSrvLog-Tue.Log
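One way to review a daily audit log for the events named above, as an added example that is not part of the original slides. The field order and event IDs follow the header that a Windows Server 2003 DHCP audit log writes; the sample lines, host names, MAC addresses and the per-MAC threshold are constructed for illustration.

```python
import csv
from collections import Counter, defaultdict

# Event IDs as listed in the header of a Windows Server 2003 DHCP audit log.
EVENTS = {
    "00": "log started", "01": "log stopped",
    "10": "new lease", "11": "lease renewed", "12": "lease released",
    "13": "address found in use", "14": "scope exhausted", "15": "lease denied",
}
ALERT_IDS = {"13", "14", "15"}   # events worth an operator's attention

# Constructed sample in the log's field order.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,06/04/18,00:00:01,Started,,,
10,06/04/18,08:59:12,Assign,192.168.1.34,WS1.example.local,000C29AABB01
11,06/04/18,12:59:12,Renew,192.168.1.34,WS1.example.local,000C29AABB01
10,06/04/18,13:02:40,Assign,192.168.1.50,,020000000001
10,06/04/18,13:02:41,Assign,192.168.1.51,,020000000001
10,06/04/18,13:02:42,Assign,192.168.1.52,,020000000001
14,06/04/18,13:02:43,Scope exhausted,192.168.1.0,,
15,06/04/18,13:02:44,NACK,192.168.1.60,WS2.example.local,000C29AABB02
12,06/04/18,17:30:00,Release,192.168.1.34,WS1.example.local,000C29AABB01
"""


def parse_audit_log(text):
    """Return one dict per event line; header text and blank lines are skipped."""
    records = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        event_id = row[0].strip().zfill(2)
        records.append({
            "id": event_id,
            "event": EVENTS.get(event_id, "other (%s)" % event_id),
            "when": "%s %s" % (row[1].strip(), row[2].strip()),
            "ip": row[4].strip(),
            "host": row[5].strip(),
            "mac": row[6].strip().upper(),
        })
    return records


def summarize(records, max_new_leases_per_mac=2):
    """Return (event counts, alert records, MACs holding too many new leases)."""
    counts = Counter(r["event"] for r in records)
    alerts = [r for r in records if r["id"] in ALERT_IDS]
    leased = defaultdict(set)
    for r in records:
        if r["id"] == "10" and r["mac"]:
            leased[r["mac"]].add(r["ip"])
    churn = sorted(m for m, ips in leased.items() if len(ips) > max_new_leases_per_mac)
    return counts, alerts, churn


if __name__ == "__main__":
    counts, alerts, churn = summarize(parse_audit_log(SAMPLE_LOG))
    print(dict(counts))
    for r in alerts:
        print("ALERT", r["when"], r["event"], r["ip"], r["mac"])
    print("MACs with many new leases:", churn)
```

A single hardware address collecting several new leases shortly before a scope-exhausted event is the pattern to compare against the baseline.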

    Guidelines for Monitoring DHCP Server Performance

    Create a baseline of performance data on the DHCP server

    Check the standard counters for server performance, such as processor utilization, paging, disk performance, and network utilization

    Review DHCP server counters to look for significant drops or increases that indicate a change in DHCP traffic

    Common Performance Counters for Monitoring DHCP Server Performance

    Performance counters: What to look for after a baseline is established

    Packets received/second: Monitor for sudden increases or decreases which could reflect problems on the network

    Requests/second: Monitor for sudden increases or decreases which could reflect problems on the network

    Active queue length: Monitor for increases both sudden and gradual which could reflect increased load or decreased server capacity

    Duplicates dropped/second: Monitor for any activity which could indicate that more than one request is being transmitted on behalf of clients

    Guidelines for Creating Alerts for a DHCP Server

    Define the acceptable level that a DHCP counter can rise above or fall below, before creating an alert

    Use scripts with your alerts

    Overview

    Lesson 10: Applying Security Guidelines for DHCP

    Guidelines for Restricting an Unauthorized User from Obtaining a Lease

    Guidelines for Restricting an Unauthorized, non-Microsoft DHCP Server from Leasing IP Addresses

    Guidelines for Restricting Who Can Administer the DHCP Service

    Guidelines for Securing the DHCP Database

    Guidelines for Restricting an Unauthorized, non-Microsoft DHCP Server from Leasing IP Addresses

    To restrict an unauthorized, non-Microsoft DHCP server from leasing IP addresses:

    Ensure that unauthorized persons do not have physical or wireless access to your network

    Microsoft DHCP Server: Only DHCP servers running Windows 2000 or Windows Server 2003 can be authorized in Active Directory

    Unauthorized, non-Microsoft DHCP Server: Non-Microsoft DHCP server software does not include the authorization feature that is included in Windows 2000 and Windows Server 2003

    Guidelines for Restricting Who Can Administer the DHCP Service

    To restrict who can administer the DHCP service:

    Restrict the membership of the DHCP Administrators group to the minimum number of users necessary to administer the service

    If there are users who need read-only access to the DHCP console, then add them to the DHCP Users group instead of the DHCP Administrators group

    DHCP Users group: Have read-only DHCP console access to the server

    DHCP Administrators group: Can view and modify any data about the DHCP server

    Practice


    Manage a DHCP database

    Manage and monitor DHCP

    Chapter 4: FTP

    Chapter 4

    File Transfer Protocol

    What is FTP?

    Lesson 1: Introduction to FTP

    Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring Web pages from a server to a user's browser and SMTP for transferring electronic mail across the Internet in that, like these technologies, FTP uses the Internet's TCP/IP protocols to enable data transfer.

    FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server, for example: upload a Web page file to a server.

    FTP

    [Diagram: FTP client, Internet, FTP server]

    Architecture of the TCP/IP Protocol Suite

    TCP/IP Protocol Suite

    Application: HTTP, FTP, SMTP, DNS, RIP, SNMP

    Transport: TCP, UDP

    Internet: IP, ARP, IGMP, ICMP

    Link: Ethernet, Frame Relay, Token Ring, ATM

    Active FTP

    In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

    From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

    FTP server's port 21 from anywhere (Client initiates connection)

    FTP server's port 21 to ports > 1024 (Server responds to client's control port)

    FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)

    FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)
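The active-mode exchange and the four server-side channels above, as an added example that is not part of the original slides. On the wire the PORT argument is six comma-separated decimal bytes (four for the address, two for the port); the addresses and function names are assumptions, and the check that the PORT address matches the control connection's client is an extra validation added here.

```python
def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' from a PORT command into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() and int(p) <= 255
                                  for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    nums = [int(p) for p in parts]
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def active_mode_flows(client_ip, control_port, port_arg, server_ip):
    """Return the control and data flows as (src_ip, src_port, dst_ip, dst_port)."""
    ip, data_port = parse_port_argument(port_arg)
    if ip != client_ip:
        # Added check: the data connection must go back to the same client.
        raise ValueError("PORT names %s, control connection is from %s" % (ip, client_ip))
    if data_port <= 1024:
        raise ValueError("data port %d is not an unprivileged port" % data_port)
    return [
        (client_ip, control_port, server_ip, 21),   # client initiates control
        (server_ip, 20, client_ip, data_port),      # server initiates data
    ]


# The four channels from the list above: (direction at the server, server port,
# test on the client's port).
SERVER_RULES = [
    ("in", 21, lambda p: True),       # port 21 from anywhere
    ("out", 21, lambda p: p > 1024),  # port 21 to ports > 1024
    ("out", 20, lambda p: p > 1024),  # port 20 to ports > 1024
    ("in", 20, lambda p: p > 1024),   # port 20 from ports > 1024
]


def server_firewall_allows(direction, server_port, client_port):
    """True if a packet matches one of the active-mode channels."""
    return any(d == direction and sp == server_port and ok(client_port)
               for d, sp, ok in SERVER_RULES)


if __name__ == "__main__":
    # Constructed session: control from port N = 1025, data port N+1 = 1026.
    for flow in active_mode_flows("192.168.1.25", 1025,
                                  "192,168,1,25,4,2", "203.0.113.10"):
        print("%s:%d -> %s:%d" % flow)
```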

    Active FTP - Example

    The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server; it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client-side firewall this appears to be an outside system initiating a connection to an internal client, something that is usually blocked.

    Passive FTP

    In order to resolve the issue of the server initiating the connection to the client, a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.

    In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing