Looking for CCNA security level…
I have many tutorials that describe the CCNA security topics but right now I don’t have a specific page with everything in order. Once I’m done with all the MPLS, multicast and QoS tutorials then I’ll make a complete course for it.
Hi Rene, I would like to know why in the example of opening the web page… the DNS request uses UDP instead of TCP?
DNS supports both UDP and TCP but we typically only use TCP for zone transfers.
One of the advantages of UDP is that it’s faster since it’s connectionless. A DNS server doesn’t have to establish a TCP connection with each client that does a DNS request. With UDP, it just gets a DNS request, sends a response and it’s done.
It’d be great if you can give some detailed insight on how a DNS query is resolved. Maybe an example would help.
Would you like to see a packet capture of a query/response or do you mean how the lookup is done from client to DNS server 1 > DNS server 2, etc.?
Can you explain different DNS record types and zones please.
DNS allows us to use zones. A zone stores information about the domain. When you register a domain name, you have to tell the registrar which DNS servers you want to use for your domain name.
On the DNS server that is responsible for your domain (zone) you can create different records.
Let me give you a short overview of the different records:
- A: the A record is used to store the IP address of a name. For example, 188.8.131.52 refers to "networklessons.com".
- AAAA: this is the same as the A record but it's used for IPv6 addresses.
- CNAME: the CNAME record is an alias for an A record. For example, I could use CNAME www.networklessons.com as an alias for networklessons.com.
- MX: the MX record is used to store the hostname of the mail server. For example, I could use this to tell that mail.networklessons.com is the mail server for this domain name. You will need an A record for mail.networklessons.com.
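To make the UDP/TCP point and the record overview above concrete, here is an added example (not code from the thread or from networklessons.com) that builds a DNS query in wire format, shows the 2-byte length prefix the same message gets over TCP, and parses a constructed reply carrying an A and an MX record, including the TC flag a server sets when a UDP answer was truncated and the client should retry over TCP. All bytes and addresses below are constructed.

```python
import struct
TYPES = {1: "A", 5: "CNAME", 15: "MX"}          # record types from the overview above

def encode_name(name):  # 'networklessons.com' -> b'\x0enetworklessons\x03com\x00'
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):  # 12-byte header (RD=1) + one question
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)

def tcp_frame(msg):  # over TCP the same message gets a 2-byte length prefix; UDP sends it bare
    return struct.pack(">H", len(msg)) + msg

def read_name(msg, off):  # decode a name, following 0xC0xx compression pointers
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # pointer to an earlier copy of the name
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode()); off += length
    return ".".join(labels), (off if end is None else end)

def parse_response(msg):  # -> id, TC flag (answer truncated, retry over TCP), answer RRs
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the echoed question section
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:    val = ".".join(map(str, rdata))
        elif rtype == 5:  val = read_name(msg, off)[0]
        elif rtype == 15: val = (struct.unpack(">H", rdata[:2])[0], read_name(msg, off + 2)[0])
        else:             val = rdata
        answers.append((name, TYPES.get(rtype, rtype), ttl, val))
        off += rdlen
    return {"id": txid, "truncated": bool(flags & 0x0200), "answers": answers}

# Constructed reply (not a real capture): one A and one MX record, TTL 3600, pointer 0xC00C = question name
RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"
            + encode_name("networklessons.com") + b"\x00\x01\x00\x01"
            + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x0a"
            + b"\xc0\x0c\x00\x0f\x00\x01\x00\x00\x0e\x10\x00\x09\x00\x0a\x04mail\xc0\x0c")
```

parse_response(RESPONSE) yields the A record 192.0.2.10 and the MX record (10, mail.networklessons.com) for networklessons.com; sending build_query(...) over UDP means one datagram out and one back, while over TCP the client must first connect and then send tcp_frame(...).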
Can you explain why we need the /etc/hosts file? What happens if we do not have any entries in it?
Hi Shree Kumar,
The hosts file is used for static IP to HOSTNAME mappings. Normally it is used to configure the hostname of the local computer.
For all other IP-to-HOSTNAME lookups, we use a DNS server. Any application that requires the local hostname might fail if your hosts file is empty.
Can you explain the steps a computer takes when it’s behind a switch, that’s behind a router, when it sends a request to reach http://google.com? I’m talking DNS, ARP, routing, and what order they happen? Just as much detail as possible. I am trying to figure out the order of operations.
Hi Shawn O,
In case your PC doesn’t have the MAC address of the gateway IP (which is the internal interface of the router) inside its ARP table, then it will issue an ARP request. With the ARP request, it will receive the MAC address from the router so it can start sending the packet. You can check this on the PC by going to the command line and typing the command “arp -a”.
Then the packet will go to the router, which in turn sends it to the ISP DNS server for the IP to domain name mapping. Once the IP of google.com is known, the packet is routed to reach the web server of Google.
Hope I could answer your question.
How does this PC know that the request to reach http://google.com needs to send to the ISP DNS server instead of the local DNS server?
How does this PC know the IP address of the ISP DNS server?
On your computer, you have to configure the DNS server manually or you receive it through the DHCP server:
You could configure the DNS server of your ISP or anything else (184.108.40.206 is Google DNS).
It’s also possible that you see the IP address of your local router here. Most SOHO routers will act as a “proxy” / simple DNS server for your computers. When it receives a DNS request, it will forward it to the ISP DNS servers to figure out the IP address that belongs to the hostname. This is then returned to the computer.
Please help me to understand this!
This is a list of the DNS root servers:
The root servers answer requests for the root zone which contains all top-level domains (TLD) like .com, .net, etc.
You can take a closer look at each of these here:
Here is an example (without caching):
- From your computer, you do a lookup for networklessons.com.
- Your computer forwards the request to the ISP DNS server.
- If the ISP DNS server doesn’t have an answer, it queries one of the root servers to ask which DNS servers are responsible for the .com TLD.
- The ISP DNS server sends a request to the .com TLD name server.
- The .com TLD name server answers which authoritative server is responsible for the networklessons.com domain name.
- The ISP DNS server now asks the authoritative server for the IP address of networklessons.com and gets the IP address.
- The ISP DNS answers your computer with the IP address.
As you can see, these root servers are important. Hope this helps!
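The seven steps above, as an added example that is not from the original post: a small offline simulation of the referral chain. SERVERS is a constructed root server, .com TLD server and authoritative server (all names and addresses are made up), resolve() walks them the way the ISP resolver does, and the optional cache shows which hops a remembered delegation lets a later lookup skip.

```python
# Constructed DNS namespace for this example (no real servers or addresses are used).
# Each server maps owner names to records; ("NS", server) is a delegation, ("A", ip) an answer.
SERVERS = {
    "root-server":    {"com.": [("NS", "com-tld-server")]},
    "com-tld-server": {"networklessons.com.": [("NS", "auth-server")]},
    "auth-server":    {"networklessons.com.": [("A", "192.0.2.10"), ("A", "192.0.2.11")],
                       "mail.networklessons.com.": [("A", "192.0.2.25")]},
}

def query(server, name, rtype):
    """One query to one server. Returns ("ANSWER", name, values), ("REFERRAL", zone, nameservers)
    for the longest enclosing zone the server has a delegation for, or ("NXDOMAIN", None, [])."""
    zone = SERVERS[server]
    values = [v for t, v in zone.get(name, []) if t == rtype]
    if values:
        return "ANSWER", name, values
    labels = name.split(".")                      # "a.b.com." -> ["a", "b", "com", ""]
    for i in range(len(labels) - 1):              # try "a.b.com.", then "b.com.", then "com."
        suffix = ".".join(labels[i:])
        nameservers = [v for t, v in zone.get(suffix, []) if t == "NS"]
        if nameservers:
            return "REFERRAL", suffix, nameservers
    return "NXDOMAIN", None, []

def resolve(name, rtype="A", cache=None, max_hops=8):
    """Iterative lookup as the ISP's recursive resolver does it: start at a root server and
    follow referrals. Returns (answers, servers_asked). `cache` remembers delegations so a
    later lookup can start closer to the authoritative server instead of at the root."""
    cache = {} if cache is None else cache
    server = "root-server"
    labels = name.split(".")
    for i in range(len(labels) - 1):              # closest cached delegation wins
        suffix = ".".join(labels[i:])
        if suffix in cache:
            server = cache[suffix]
            break
    asked = []
    for _ in range(max_hops):                     # bounded so a referral loop cannot spin forever
        asked.append(server)
        status, zone, data = query(server, name, rtype)
        if status == "ANSWER":
            return data, asked
        if status == "NXDOMAIN":
            return None, asked
        cache[zone] = data[0]                     # remember the delegation for next time
        server = data[0]
    return None, asked
```

With an empty cache, resolve("networklessons.com.") asks root-server, com-tld-server and auth-server in that order; a second lookup for mail.networklessons.com. with the same cache goes straight to auth-server.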
Hello, if you create your own DNS server on your router with the #ip host [name] [ip address]:
#ip host [bob1] [220.127.116.11]
But if I type the command no ip domain-lookup, I’m still able to type #ping bob1 and the ping works. The IP address 18.104.22.168 is on a remote network.
I believe that no ip domain-lookup turns off the ability for the router to look up and resolve domain names. But in this case it does not?
The ip host command is used to define static hostname to IP address mappings in the DNS hostname cache of the local device. This means that any time a domain name is used instead of an IP address, that mapping will be checked first, before any external DNS, if configured. This is kind of analogous to the “hosts” file found in Windows systems.
By typing the command no ip domain-lookup, you are disabling the lookup on an external DNS server, however, you are not disabling the lookup in the statically defined mappings. According to the following Cisco documentation:
In order to use this service to map domain names to IP addresses, you must specify a name server.
So a prerequisite to the mappings functioning is that a name server be specified, even if the domain lookup is disabled.
I hope this has been helpful!
networklessons.com resolving to multiple IP addresses?
Let’s say the server with the IP 22.214.171.124 is down, then how will the client choose the second IP address?
A DNS record can point to multiple IP addresses for the same domain name. If you do an nslookup for various well-known DNS addresses, you will find some that return multiple IPv4 or IPv6 addresses. Even www.networklessons.com returns multiple IP addresses.
When a web browser, or any computer application, makes a request to www.networklessons.com, the host will try communication with the returned IP addresses one by one, until a response is received. This way, if one address fails, the next one in line will be attempted until successful.
I hope this has been helpful!