6.05 Compare and contrast common network configuration concepts

Introduction 

Imagine your network as a busy office building. When people come in, they need a way to find their desks, the right rooms, and the people they need to work with. Assigning them places manually could lead to chaos if mistakes happen.

This is where Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) come in, acting like the building’s guide and directory. They ensure everyone gets where they need to be, minimizing confusion and errors. In this lesson, you’ll learn how DHCP helps devices automatically find their way around a network and how DNS makes it easy to connect with others using friendly names instead of complicated numbers. Understanding these tools will not only help you solve network issues quickly but will also allow you to assist others in setting up and maintaining smooth network operations.

Dynamic Host Configuration Protocol (DHCP) 

Overview 

When a computer or device (host) is configured with an IP address by hand, mistakes happen: a mistyped address, a duplicate of an address already in use, or a wrong subnet mask (the mask determines which part of the address is the network ID) will stop the host communicating. To prevent these issues, a DHCP server assigns IP addresses and the other settings a host needs (subnet mask, default gateway, DNS servers) automatically when the host joins the network. 

DHCP Scope - A scope is the range of IP addresses that a DHCP server can assign to devices on a specific subnet. 

Example: In a typical SOHO network, if the router's address is 192.168.0.1 (which is also the DHCP server's address), the DHCP scope might be set from 192.168.0.100 to 192.168.0.199. This setup allows for 100 dynamically assigned addresses.

Note: Addresses that are configured manually (static addresses) should lie outside the DHCP scope, or be explicitly excluded from it, so that the server never offers an address that is already in use. 

DHCP Leases 

  • A host uses DHCP by setting its TCP/IP configuration to automatically obtain an IP address. 

  • The DHCP process starts when a client broadcasts a DHCPDISCOVER packet to find a DHCP server; it must broadcast because it does not yet have an IP address of its own. The exchange uses UDP, with the server listening on port 67 and the client on port 68. 

DHCP Process 

  1. DHCPDISCOVER: The client sends a broadcast to locate a DHCP server. 

  2. DHCPOFFER: The server responds with an available IP address and configuration settings (like the default gateway and DNS server). 

  3. DHCPREQUEST: The client broadcasts a request to accept the offered IP address. 

  4. DHCPACK: The server confirms the lease. The client then uses ARP (Address Resolution Protocol) to probe for the address; if another host answers, the client sends a DHCPDECLINE and starts over with a new DHCPDISCOVER.

The IP address is leased to the client for a limited period. Halfway through the lease (the T1 timer) the client tries to renew it with the server that issued it; if that gets no answer, at 87.5% of the lease (the T2 timer) it broadcasts a rebinding request that any DHCP server may answer. If the lease expires without being renewed, the client must stop using the address and start the DHCP process again. 

DHCP Reservations 

  • For devices like servers, routers, or printers that benefit from having a consistent IP address, a DHCP reservation can be used. 

  • The DHCP server is set up with a list of MAC addresses of devices that should receive the same IP address every time they connect. 

  • When a device with a reserved MAC address contacts the DHCP server, it is issued the reserved IP address. 

  • Some clients identify themselves with a DHCP client identifier (option 61) rather than the hardware (MAC) address field, so the reservation must be keyed on whatever identifier the client actually sends, or it will never match. 
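The scope, the four-step exchange, the lease timers and the reservation lookup described above, worked through as an added example that is not part of the original lesson. It encodes and decodes real RFC 2131 message framing but runs entirely in memory (no sockets). The 192.168.0.x scope follows the text; the MAC addresses, the reserved printer address, the 24-hour lease and the class and function names are constructed for the example.

```python
"""Added example, not from the original page: a minimal DHCPv4 codec (RFC 2131
framing) and a toy server-side allocator that honours a scope, an exclusion
list and a MAC-based reservation. All addresses and MACs are constructed."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK = 1, 2, 3, 4, 5, 6  # option 53 values


def ip_bytes(addr):
    return ipaddress.IPv4Address(addr).packed


def build(op, xid, mac, msg_type, options=(), yiaddr="0.0.0.0"):
    """Encode: 236-byte fixed header, magic cookie, option TLVs, end marker."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)  # htype 1 = Ethernet; broadcast flag
    hdr += ip_bytes("0.0.0.0") + ip_bytes(yiaddr) + ip_bytes("0.0.0.0") * 2  # ciaddr yiaddr siaddr giaddr
    hdr += mac.ljust(16, b"\0") + b"\0" * 64 + b"\0" * 128  # chaddr, sname, file
    body = bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return hdr + MAGIC_COOKIE + body + b"\xff"


def parse(packet):
    """Decode op, xid, client MAC, yiaddr and the option TLVs (code -> raw value)."""
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    mac = packet[28:28 + hlen]
    yiaddr = str(ipaddress.IPv4Address(packet[16:20]))
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 0xFF:
        if packet[i] == 0:  # pad
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return op, xid, mac, yiaddr, options


class DhcpServer:
    LEASE = 86400  # seconds; T1 (renew) at 50 %, T2 (rebind) at 87.5 %

    def __init__(self, server_ip, scope_start, scope_end, mask, router, dns, reservations, exclusions=()):
        lo, hi = int(ipaddress.IPv4Address(scope_start)), int(ipaddress.IPv4Address(scope_end))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.server_ip, self.mask, self.router, self.dns = server_ip, mask, router, dns
        self.reservations = dict(reservations)  # MAC bytes -> fixed address
        self.unusable = set(exclusions) | set(reservations.values())  # never handed out dynamically
        self.leases, self.offered = {}, {}  # MAC -> ip, xid -> ip

    def _choose(self, mac):
        if mac in self.reservations:
            return self.reservations[mac]
        if mac in self.leases:  # a renewing client keeps its address
            return self.leases[mac]
        taken = set(self.leases.values()) | set(self.offered.values()) | self.unusable
        return next((ip for ip in self.pool if ip not in taken), None)

    def _config(self, ip):
        t = self.LEASE
        return [(1, ip_bytes(self.mask)), (3, ip_bytes(self.router)), (6, ip_bytes(self.dns)),
                (51, struct.pack("!I", t)), (58, struct.pack("!I", t // 2)),
                (59, struct.pack("!I", t * 7 // 8)), (54, ip_bytes(self.server_ip))]

    def handle(self, packet):
        """DISCOVER -> OFFER, REQUEST -> ACK or NAK, DECLINE -> address marked unusable."""
        _op, xid, mac, _yiaddr, opts = parse(packet)
        kind = opts[53][0]
        if kind == DISCOVER:
            ip = self._choose(mac)
            if ip is None:
                return None  # scope exhausted: no offer
            self.offered[xid] = ip
            return build(BOOTREPLY, xid, mac, OFFER, self._config(ip), yiaddr=ip)
        if kind == REQUEST:
            wanted = str(ipaddress.IPv4Address(opts[50]))
            if wanted != self.offered.pop(xid, self.leases.get(mac)):
                return build(BOOTREPLY, xid, mac, NAK, [(54, ip_bytes(self.server_ip))])
            self.leases[mac] = wanted
            return build(BOOTREPLY, xid, mac, ACK, self._config(wanted), yiaddr=wanted)
        if kind == DECLINE:  # the client's ARP probe found the address already in use
            bad = str(ipaddress.IPv4Address(opts[50]))
            self.unusable.add(bad)
            self.leases = {m: ip for m, ip in self.leases.items() if ip != bad}
        return None


def run_client(server, mac, xid):
    """Client side of the four-step exchange; returns (ip, router, lease seconds) or None."""
    offer = server.handle(build(BOOTREQUEST, xid, mac, DISCOVER))
    if offer is None:
        return None
    _, _, _, offered_ip, opts = parse(offer)
    request = build(BOOTREQUEST, xid, mac, REQUEST, [(50, ip_bytes(offered_ip)), (54, opts[54])])
    _, _, _, leased_ip, ack = parse(server.handle(request))
    if ack[53][0] != ACK:
        return None
    return leased_ip, str(ipaddress.IPv4Address(ack[3])), struct.unpack("!I", ack[51])[0]
```

run_client() plays the client: it reads the OFFER, echoes the offered address back in a REQUEST (option 50) together with the server identifier (option 54), and takes the router and lease time out of the ACK. A REQUEST for an address that was never offered gets a NAK, and a DECLINE, which is what the client sends when its ARP probe finds the address in use, removes that address from the pool so it is not offered again.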

Domain Name System (DNS) 

Overview 

  • IP addresses locate hosts on a network, but the numeric values (IPv4 written in dotted decimal, IPv6 in hexadecimal groups) are difficult for people to remember. 

  • To make it easier, each host is usually assigned a friendly host name (e.g., "server1"), configured during the OS installation. 

  • On a local network, each host name must be unique to avoid conflicts. 

How DNS Works 

  • DNS (Domain Name System) is a global hierarchy of distributed name servers that contain information about domains and the hosts within them. 

  • Root Level: The top of the DNS hierarchy, represented by a period (.). It is served by 13 named root servers (a.root-servers.net through m.root-servers.net); each name is in practice a set of many anycast instances spread around the world. 

  • Top-Level Domains (TLDs): These are immediately below the root level.

  • Types of TLDs include: 

    • Generic TLDs (gTLDs): Examples are .com, .org, .net, .info, .biz. 

    • Sponsored TLDs: Examples are .gov, .edu. 

    • Country Code TLDs (ccTLDs): Examples are .uk, .ca, .de. 

  • The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the root zone and oversees most TLDs. Country-code TLDs are usually run by registries designated by their respective governments. 

Fully Qualified Domain Name (FQDN) 

  • On the Internet, to avoid duplicate host names, a Fully Qualified Domain Name (FQDN) is used. 

  • An FQDN combines the host name with its domain name and the top-level domain; a trailing period marks the root of the hierarchy.

    Example: nut.widget.example. 

    • Host Name: "nut" 

    • Domain Name: "widget" 

    • Top-Level Domain (TLD): ".example" 

  • The FQDN structure can include subdomains between the host and domain name, creating a hierarchical naming system. 

DNS Hierarchy Example 

  • An example of an FQDN: pc.corp.515support.com 

    • pc: Host name 

    • corp: Subdomain 

    • 515support: Domain name 

    • .com: Top-Level Domain (TLD) 

  • This hierarchical structure goes from the most specific (host name) to the least specific (TLD), separated by periods.

DNS Queries 

Overview 

When a user types a host name or FQDN into an application, like a web browser, the system must find the corresponding IP address. The application hands the name to the operating system's resolver library, known as a stub resolver, which follows this process to get the correct IP address: 

DNS Resolution Process 

  • Check Local Cache

    • The stub resolver first checks its local cache for the host name's IP address. 

    • If the mapping is found, the resolution is complete. 

  • Forward Query to Local DNS Server

    • If no match is found in the cache, the stub resolver sends the query to a local DNS server (a recursive resolver).

    • The IP addresses of these DNS servers are set in the device's TCP/IP configuration, typically supplied by DHCP.

    • Communication with the DNS server uses port 53, normally over UDP, with TCP for responses too large for a single UDP message and for zone transfers.

  • DNS Resolution Steps

    • The local DNS server resolves the name on the client's behalf (a recursive query, from the client's point of view) by sending a chain of iterative queries; each server it asks either answers or refers it onward: 

  1. Root Server: The local DNS server first queries a root server, which holds the delegations for the top-level domains (TLDs). 

  2. TLD Server: The root server does not know the host; it replies with a referral to the TLD server for the relevant TLD (e.g., ".net"). 

  3. Authoritative Name Server: The local DNS server queries the TLD server, which refers it to the authoritative name server for the specific domain (e.g., "web.net"). 

  4. Retrieve Host Record: The local DNS server queries the authoritative name server, which holds the address record for the host (e.g., "www.web.net"). 

  • Respond to the Client

    • The local DNS server returns the IP address to the stub resolver (the client), keeping a copy in its own cache for the time-to-live (TTL) set on the record. 

    • The client caches the answer too, so repeated lookups within the TTL need no further queries. 

This multi-step process ensures that the correct IP address is obtained for the host name, allowing the client to communicate with the desired server. 
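The walk from root to TLD to authoritative server, as an added example that is not part of the original lesson: a local (recursive) DNS server working over a constructed, in-memory hierarchy. The server addresses are documentation-range placeholders rather than real root or TLD servers, and the zone data (net., web.net., www.web.net.) and the names SERVERS, query and LocalDnsServer are invented for the example. The referral handling and the TTL-bounded cache are the parts to read.

```python
"""Added example, not from the original page: a local (recursive) DNS server
resolving a name by walking a constructed in-memory hierarchy, with a cache
bounded by record TTLs. Server addresses are documentation-range placeholders."""

# Constructed zone data, keyed by the server that holds it. Each server answers
# only for names it has and hands out referrals (NS record plus glue A record)
# for zones delegated below it.
SERVERS = {
    "203.0.113.1": {  # stands in for a root server
        "net.": [("NS", "a.gtld.example.net.", 172800)],
        "a.gtld.example.net.": [("A", "203.0.113.10", 172800)],
    },
    "203.0.113.10": {  # the .net TLD server
        "web.net.": [("NS", "ns1.web.net.", 86400)],
        "ns1.web.net.": [("A", "203.0.113.53", 86400)],
    },
    "203.0.113.53": {  # authoritative for web.net
        "www.web.net.": [("A", "192.0.2.80", 300)],
    },
}
ROOT_HINTS = ["203.0.113.1"]


def query(server_ip, name):
    """One iterative query. Returns ("ANSWER", ip, ttl), ("REFERRAL", ns_ip) or ("NXDOMAIN",)."""
    zone = SERVERS[server_ip]
    for rtype, value, ttl in zone.get(name, []):
        if rtype == "A":
            return ("ANSWER", value, ttl)
    labels = name.split(".")
    for i in range(1, len(labels)):  # closest enclosing delegation first
        parent = ".".join(labels[i:])
        for rtype, ns_name, _ttl in zone.get(parent, []):
            if rtype == "NS":
                glue = next(v for t, v, _ in zone[ns_name] if t == "A")
                return ("REFERRAL", glue)
    return ("NXDOMAIN",)


class LocalDnsServer:
    """The server the stub resolver forwards to; it does the recursion on the client's behalf."""

    def __init__(self):
        self.cache = {}    # name -> (ip, expiry)
        self.queries = []  # (server asked, name), to show the walk

    def resolve(self, name, now=0):
        name = name if name.endswith(".") else name + "."
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]  # answered from cache, no upstream traffic
        server = ROOT_HINTS[0]
        for _ in range(8):  # bound the referral chain so bad data cannot loop forever
            self.queries.append((server, name))
            reply = query(server, name)
            if reply[0] == "ANSWER":
                self.cache[name] = (reply[1], now + reply[2])
                return reply[1]
            if reply[0] != "REFERRAL":
                return None  # NXDOMAIN: the name does not exist
            server = reply[1]
        raise RuntimeError("referral chain too long")
```

Resolving www.web.net the first time costs three queries (root, TLD, authoritative); a second lookup within the 300-second TTL is answered from the cache, and one after the TTL has expired repeats the walk. The queries list records which server was asked at each step, which is the trace a practitioner would compare against a packet capture of a real resolver.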

DNS Record Types 

DNS servers store information about domain names and their corresponding IP addresses using different types of resource records. These records are essential for translating human-friendly domain names into machine-friendly IP addresses. 

Address (A) and Address (AAAA) Records 

  • A Record: Maps a host name to an IPv4 address

    Example: Resolving "example.com" to "192.0.2.1". 

  • AAAA Record: Maps a host name to an IPv6 address

    Example: Resolving "example.com" to "2001:0db8::1".

Mail Exchanger (MX) Records 

  • MX Record: Identifies the mail server(s) that accept email for a domain, so that a sending server knows where to deliver messages addressed to that domain. 

    • Multiple MX records can be used to provide redundancy, each with a preference value (lower values indicate higher preference; the sender tries the lowest value first and falls back to the others). 

    • The host name in an MX record must have an A or AAAA record of its own; it must not be a CNAME alias. 

These resource records can be manually created (statically) or dynamically updated based on network information. They are crucial for DNS servers to effectively direct traffic and services to the appropriate hosts within a network. 
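MX selection and the A/AAAA requirement, as an added example that is not part of the original lesson. The zone data in RECORDS is constructed and stands in for the DNS; mx_problems, delivery_order and addresses_for are names chosen for the example.

```python
"""Added example, not from the original page: picking delivery targets from a
domain's MX set and checking that every MX target has address data (an MX must
point at a name with A/AAAA records, never at a CNAME). Zone data is constructed."""
import random

RECORDS = {  # (owner, type) -> values; constructed sample zone data
    ("example.com", "MX"): [(10, "mx1.example.com"), (10, "mx2.example.com"), (20, "backup.example.net")],
    ("mx1.example.com", "A"): ["192.0.2.25"],
    ("mx2.example.com", "A"): ["192.0.2.26"],
    ("mx2.example.com", "AAAA"): ["2001:db8::26"],
    ("backup.example.net", "A"): ["203.0.113.25"],
    ("broken.example", "MX"): [(10, "alias.example.com"), (20, "ghost.example")],
    ("alias.example.com", "CNAME"): ["mx1.example.com"],
}


def mx_problems(domain):
    """Targets that break delivery: a CNAME (RFC 2181 s.10.3) or no A/AAAA record at all."""
    problems = []
    for _pref, host in RECORDS.get((domain, "MX"), []):
        if (host, "CNAME") in RECORDS:
            problems.append(f"{host}: MX target is a CNAME")
        elif not (RECORDS.get((host, "A")) or RECORDS.get((host, "AAAA"))):
            problems.append(f"{host}: no A/AAAA record")
    return problems


def delivery_order(domain, rng=None):
    """Hosts in the order a sending MTA tries them: lowest preference value first,
    equal preferences in random order so load is shared (RFC 5321 s.5.1)."""
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in RECORDS.get((domain, "MX"), []):
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def addresses_for(host):
    """A then AAAA data for an MX host, as the sending MTA would resolve it."""
    return RECORDS.get((host, "A"), []) + RECORDS.get((host, "AAAA"), [])
```

For example.com the two preference-10 hosts are tried first in a random order and backup.example.net only if both fail; for broken.example the checker reports both the CNAME target and the target with no address record, which are the two misconfigurations that make a published MX useless.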

DNS Spam Management Records 

TXT Records store free-form text in the DNS. A domain can have multiple TXT records, and they are often used to verify email services and help block spam. 

Sender Policy Framework (SPF) 

  • SPF uses a TXT record in the DNS to identify which hosts are authorized to send emails for a domain. 

  • An SPF record can: 

    • Specify authorized mail servers. 

    • Indicate, with the qualifier on the final "all" mechanism, what the receiver should do with mail from any other server: 

      • -all: fail (reject) 

      • ~all: softfail (accept but flag) 

      • +all: pass for anyone, which makes the record useless and should never be published 

  • Limitation: Only one SPF record is allowed per domain; publishing two causes receivers to treat the check as a permanent error. 

DomainKeys Identified Mail (DKIM) 

  • DKIM lets the sending mail server sign each message: a signature over selected headers and the body is added in a DKIM-Signature header. 

  • The matching public key (a signature-verification key, not an encryption key) is published as a TXT record at selector._domainkey.domain, where the selector and domain are named in the signature header. 

  • Receiving organizations fetch this key and verify the signature, which proves the message was signed by a holder of the domain's private key and was not altered in transit. 

  • DKIM can replace or supplement SPF. 

Domain-Based Message Authentication, Reporting, and Conformance (DMARC) 

  • DMARC builds on SPF and DKIM: the domain owner publishes a policy stating what receivers should do with mail that fails both checks, or whose passing check does not align with the domain in the From: header. 

  • A DMARC policy is published as a TXT record at _dmarc.domain. 

  • It specifies how email authentication failures should be handled: 

    • p=none: take no action, monitor only. 

    • p=quarantine: treat the message as suspicious (for example, deliver it to the spam folder). 

    • p=reject: refuse the message. 

  • DMARC also lets receivers send aggregate and failure reports back to the domain owner, at the addresses given in the record's rua and ruf tags. 

These records work together to help verify email authenticity, reducing the risk of spam and email spoofing.
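How a receiving server puts the three records together, as an added example that is not part of the original lesson. The TXT records in TXT are constructed (including the placeholder DKIM public key), the cryptographic verification of the DKIM signature itself is left out and passed in as the dkim_verified flag, and the organizational-domain test is simplified to the last two labels where real DMARC uses the Public Suffix List. The sloppy.example record is there to show why +all is a mistake; all function names are chosen for the example.

```python
"""Added example, not from the original page: SPF evaluation, DKIM key lookup,
DMARC alignment and policy, against constructed TXT records. DKIM signature
verification is assumed (dkim_verified) rather than performed."""
import ipaddress

TXT = {  # constructed DNS TXT data
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.net -all"],
    "_spf.mail.example.net": ["v=spf1 ip4:203.0.113.10 ~all"],
    "sloppy.example": ["v=spf1 +all"],  # accepts anyone: a misconfiguration
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc-rua@example.com; adkim=r; aspf=r"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PUBLICKEYBASE64"],  # placeholder key
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """SPF result for sender_ip as MAIL FROM of domain (ip4/ip6/include/all only)."""
    if depth > 10:
        return "permerror"  # RFC 7208 lookup limit
    records = [r for r in TXT.get(domain, []) if r.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # exactly one SPF record is allowed
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qual, term = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_spf(term[8:], sender_ip, depth + 1) == "pass"
        else:
            continue  # a, mx, exists, ptr are not modelled here
        if matched:
            return QUALIFIER[qual]
    return "neutral"  # nothing matched and no 'all' mechanism


def parse_tags(record):
    """'k=v; k=v' tag lists as used by DKIM keys, DKIM-Signature headers and DMARC."""
    return dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)


def dkim_signing_domain(dkim_signature_header):
    """Locate the key a receiver would fetch (<s>._domainkey.<d>); return d= if it exists."""
    tags = parse_tags(dkim_signature_header)
    key = [parse_tags(r) for r in TXT.get(f"{tags['s']}._domainkey.{tags['d']}", [])]
    if key and key[0].get("v", "DKIM1") == "DKIM1" and key[0].get("p"):
        return tags["d"]
    return None


def aligned(domain, from_domain, mode):
    """Strict: exact match. Relaxed: same organizational domain (simplified to two labels)."""
    def org(d):
        return ".".join(d.lower().split(".")[-2:])
    return domain.lower() == from_domain.lower() if mode == "s" else org(domain) == org(from_domain)


def dmarc_disposition(from_domain, mail_from_domain, sender_ip, dkim_signature=None, dkim_verified=False):
    """'pass', or the owner's requested action (none/quarantine/reject) when nothing aligns."""
    policy = parse_tags(TXT.get("_dmarc." + from_domain, ["v=DMARC1; p=none"])[0])
    spf_ok = (check_spf(mail_from_domain, sender_ip) == "pass"
              and aligned(mail_from_domain, from_domain, policy.get("aspf", "r")))
    dkim_dom = dkim_signing_domain(dkim_signature) if dkim_signature and dkim_verified else None
    dkim_ok = bool(dkim_dom) and aligned(dkim_dom, from_domain, policy.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else policy.get("p", "none")
```

A message from 192.0.2.5 with MAIL FROM example.com passes on SPF alone; one from 198.51.100.7 with no valid DKIM signature hits -all and is quarantined under the published policy; a bounce-address domain that has no SPF record still passes when a verified DKIM signature for example.com is present, because relaxed alignment accepts the subdomain. The same 198.51.100.7 sender passes SPF for sloppy.example, which is exactly why +all must never be published.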

Virtual LANs (VLANs) 

In a network, all hosts connected to the same unmanaged switch are part of the same broadcast domain. On small networks, this is usually not an issue. However, in an enterprise network with thousands of ports, having hundreds or thousands of hosts in the same broadcast domain can slow down network performance. To solve this, managed switches use a feature called Virtual LANs (VLANs) to divide the network into smaller segments.

How VLANs Work 

  • VLAN ID: Each port on a switch can be assigned to a VLAN using a VLAN ID. IDs 1 to 4094 are usable; 0 and 4095 are reserved, and because 1 is the default VLAN, user VLANs are normally numbered from 2 upward.

    For example: 

    • Ports 1-10 could be assigned to VLAN 10

    • Ports 11-20 could be assigned to VLAN 20

    • Host A on port 2 would be in VLAN 10, while Host B on port 12 would be in VLAN 20. 

  • Default VLAN: The VLAN with ID 1 is the default. All ports on a managed switch are part of VLAN 1 unless configured otherwise. 

  • Communication: When hosts are placed in different VLANs, they cannot directly communicate with each other, even if they are on the same physical switch. To allow communication: 

    • Each VLAN must have its own subnet and IP address range.

    • Communication between VLANs requires an IP router (or a layer 3 switch), which is also the point where inter-VLAN traffic can be filtered.

    • Each VLAN needs DHCP and DNS service, either from a server placed in the VLAN or, more commonly, from a central server reached through a DHCP relay agent on the router.
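The broadcast-domain behaviour described above, as an added example that is not part of the original lesson: a managed-switch model with access ports only (no 802.1Q trunking), using the port and VLAN numbers from the text and constructed MAC addresses. ManagedSwitch and its methods are names chosen for the example.

```python
"""Added example, not from the original page: a managed-switch model with access
ports, showing that broadcasts and unknown-unicast floods stay inside a VLAN.
Port and VLAN numbers follow the lesson text; MAC addresses are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class ManagedSwitch:
    def __init__(self, port_count):
        self.port_vlan = {p: 1 for p in range(1, port_count + 1)}  # every port starts in VLAN 1
        self.mac_table = {}  # (vlan, mac) -> port; learning is per VLAN

    def assign(self, ports, vlan_id):
        """Put access ports into a VLAN. 0 and 4095 are reserved by IEEE 802.1Q."""
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"invalid VLAN ID {vlan_id}")
        for p in ports:
            self.port_vlan[p] = vlan_id

    def receive(self, in_port, src_mac, dst_mac):
        """Return the set of ports an untagged frame arriving on in_port is forwarded to."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return set() if out == in_port else {out}  # known unicast: one port, same VLAN
        # broadcast, or unicast to a MAC not yet learned in this VLAN: flood the VLAN only
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}

    def broadcast_domains(self):
        """VLAN ID -> member ports; each set is one broadcast domain."""
        domains = {}
        for p, v in self.port_vlan.items():
            domains.setdefault(v, set()).add(p)
        return domains
```

With ports 1-10 in VLAN 10 and 11-20 in VLAN 20, a broadcast from Host A on port 2 reaches only ports 1 and 3-10, and a frame from Host A addressed to Host B (port 12) is flooded within VLAN 10 and never delivered: the switch has no path between the two VLANs, which is why a router is needed. Ports 21-24, never assigned, remain in the default VLAN 1.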

Benefits of VLANs 

  1. Improved Performance: Reduces network congestion by minimizing the impact of broadcast traffic. 

  2. Security: Each VLAN can act as a separate security zone. Traffic between VLANs can be filtered and monitored to meet security policies. 

  3. Traffic Management: VLANs can separate nodes based on traffic type. For example, VoIP devices can be isolated into a VLAN to prioritize their traffic over data traffic on other VLANs.

VLANs help optimize network performance, enhance security, and manage different types of network traffic efficiently. 

Virtual Private Networks (VPNs) 

A Virtual Private Network (VPN) allows hosts to connect to a local area network (LAN) remotely, without being physically present at the site. Instead of connecting directly to a switch or access point (AP), the host connects over the Internet to a remote access server on the edge of the LAN.

How VPNs Work 

  • Remote Connection: The host connects to the LAN remotely via the Internet. This is especially useful for teleworkers and users who need network access while roaming. 

  • Security: Since the Internet is a public network, the VPN must be secure. To achieve this: 

    • A VPN establishes a protected tunnel through the Internet. 

    • It uses a tunneling protocol with encryption to protect the tunnel's contents from snooping and to authenticate the user before access to the LAN is granted. 

  • Network Access: Once the VPN connection is established, the remote computer is treated as if it is part of the local network. However, the connection speed depends on the Internet bandwidth available to the remote user. 

Use Cases for VPNs 

  1. Remote Access: Allows teleworkers and roaming users to securely access the company's local network over the Internet. 

  2. Site-to-Site Connections: VPNs can connect branch offices to the head office securely over public networks. 

  3. Internal Network Security: VPNs can be used within a local network to add an additional layer of security for specific services or user groups. 

VPNs provide secure, remote access to a local network, enhancing flexibility for remote users and inter-office communication while maintaining data protection.

Summary 

Great work! You've covered a lot of information about networking, from DHCP and DNS to VLANs and VPNs. It's clear you're building a strong foundation in network concepts, and this summary brings together the key details in an organized way. Keep exploring these topics, as they are crucial for understanding how modern networks function and how to manage them efficiently. You're on the right path!