KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT375-01 Introduction to Network Security Instructor.


1 KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration
Course Name – IT375-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, MCSE, Security+
Contact Information: AIM – JMcDanolds, Email – jmcdanolds@kaplan.edu
Office Hours: Wednesday 5:00 pm ET and Thursday 8:00 pm ET

2 UNIT 4 DNS – Domain Name System Field Trip - Search
1. http://www.dnsstuff.com/ Who Is? www.kaplan.edu Where is the Technical Contact and what are the names of the name servers? What is .com versus .edu? Name servers are what?
2. http://lookupserver.com/ Go halfway down the page, enter 207.12.8.3 IPCity – Geolocation. Where? Latitude? Longitude?
3. http://www.mxtoolbox.com/DNSLookup.aspx What is a blacklist?

3 UNIT 3 REVIEW Review of Chapter 4
Chapter 4 – Installing and Configuring the DHCP (Dynamic Host Configuration Protocol) for Windows Server 2008
- Discuss the basics of Dynamic Host Configuration Protocol (DHCP)
- Describe the components and processes of DHCP
- Install DHCP in a Windows Server 2008 environment
- Configure the DHCP server
- Administer DHCP on clients and servers
- Troubleshoot DHCP

4 UNIT 3 REVIEW Quick Check of Concepts
Type the answers to these questions:
1. Number one reason to use DHCP? Second reason?
2. Why do you need to authorize a DHCP server in Windows Server 2008? What is a rogue server?
3. Two reasons to provide more than one DHCP server.
4. A bonus question – what is a good rule for creating scopes?

5 UNIT 4 Introduction to DNS in Windows Server 2008
Chapter 5 – Objectives
- Discuss the basics of the Domain Name System (DNS) and its terminology
- Configure DNS clients
- Install a standard DNS server on Windows Server 2008
- Create standard DNS zones

6 UNIT 4 Domain Name System
- Primary function is to translate human-readable host names
- Assists the flow of e-mail - mail exchanger records tell a Simple Mail Transfer Protocol (SMTP) server where to send an e-mail message
- Thousands of distributed servers (DNS servers) on the Internet
Terminology: DNS namespace, DNS domain, Fully qualified domain name, Hosts, Host name, DNS record, DNS zone

7 UNIT 4
- DNS namespace - Organized into the following domains: root domain (.), top-level domain (TLD), second-level domain, and subdomain
- DNS domain - The portion of the namespace to the right of the host name
- Fully qualified domain names - The entire name for a specific host that needs to have a DNS record created

8 UNIT 4
- Hosts - A computer on the Internet that provides a specific resource
- Host name - Name given to a computer, or host, to make connecting to it easier
- DNS zone - Collection of connected nodes served by an authoritative DNS name server
- DNS records - DNS uses records to provide the information it stores in its database

9 UNIT 4 DNS Queries
- Iterative query - A DNS client requests the best answer that its DNS server can provide
- Recursive queries - Queries where the client requires an answer from its DNS server
- DNS clients – called DNS resolvers
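
On the wire, the two query styles on this slide differ by a single header bit, "recursion desired" (RD), defined in RFC 1035. The following is an added example, not part of the original slides; it builds both forms of a query for www.kaplan.edu without sending anything, and the function names and the fixed transaction ID are assumptions made for illustration.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "AAAA": 28}  # standard type codes
RD_FLAG = 0x0100  # "recursion desired" bit in the 16-bit header flags word


def encode_name(name):
    """Encode a host name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", recursive=True, txid=0x1234):
    """Return the wire bytes of a single-question DNS query (class IN)."""
    flags = RD_FLAG if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)
    return header + question


def describe(message):
    """Decode the header fields that tell the two query styles apart."""
    txid, flags, qdcount = struct.unpack("!HHH", message[:6])
    return {"id": txid,
            "is_response": bool(flags & 0x8000),
            "recursion_desired": bool(flags & RD_FLAG),
            "questions": qdcount}


if __name__ == "__main__":
    for mode in (True, False):
        msg = build_query("www.kaplan.edu", "A", recursive=mode)
        print("recursive" if mode else "iterative", msg.hex(), describe(msg))
```

A resolver normally sets RD when asking its configured DNS server; a DNS server working through root hints sends the same question with RD cleared and follows the referrals itself.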

10 UNIT 4 DNS Client Settings
- DNS servers - For a client to resolve DNS queries, it needs to know which server to contact. The first DNS server in the list is called the preferred DNS server
- DNS suffix - DNS domain appended to all unqualified name queries, or a query that contains only a host name

11 UNIT 4 DNS Updates
Windows Server 2008 supports dynamic updates with both standard and Active Directory Domain Services. Referred to as DDNS.
Dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address.
Request for Comments (RFC) 2136, "Dynamic Updates in the Domain Name System."
The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server. By default, the DNS Client service will dynamically update host (A) resource records (RRs) in DNS when configured for TCP/IP.
For more information about RFCs, see DNS RFCs.

12 UNIT 4 Installing DNS
DNS - A role that can be installed on Windows Server 2008 Full and Server Core versions. Often combined with other services such as DHCP
Installing a cache-only DNS server
- This server has the DNS role installed; however, it does not hold a DNS zone, so it is not authoritative for any DNS zones.
- Does not maintain DNS records
Root hints
- Provide IP address pointers to top-level DNS servers
- When configured, a DNS server can perform queries when it receives domain name requests for zones in which it is not authoritative
- Provide referral answers to queries in a DNS server's quest to resolve an unknown domain name request
Forwarders
- Servers used to resolve names

13 UNIT 4 DNS Zones
- Zones - Building blocks for creating your DNS infrastructure
- DNS zones - Classified in three ways: the information they store, where they are stored and their read/write status
- Fall into two categories: Standard and Active Directory
Standard Zones and Types
- zone.dns - Used to store DNS records. Found in the %systemroot%\system32\DNS folder
- Berkeley Internet Name Domain (BIND) - Industry standard of DNS servers on the Internet and networks running DNS on UNIX/Linux systems
- Primary DNS zone - The zone that is authoritative for a specific domain and its name records
- Secondary DNS zone - Read-only version of the DNS records for a zone
- Stub zone - Read-only copy of a zone that obtains its resource records from the name servers that are authoritative for a particular zone

14 UNIT 4 DNS Resource Records
Information in a DNS record: Owner, Time-to-Live (TTL), Class, Type, Resource Record Data (RDATA)
Table 5-1 on page 191
- Start of Authority (SOA) - Record is the starting point for information related to a zone
- Name server (NS) record identifies a DNS server that is authoritative
- Host (A) record provides host name–to–IP address resolution for DNS clients
- Host (AAAA) records for IPv6 map a host name to an IPv6 address
- Mail exchanger (MX) record - Specifies the server that is responsible for handling e-mail
- Alias records - Used to create an alias for a specific host
- Pointer records - Resolve IP addresses to host names for DNS clients
- Service locator records – Provide the location of services it needs, the network protocol needed to access the previously mentioned services, and the domain services it provides
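
The five fields named on this slide (owner, TTL, class, type, RDATA) can be read straight out of a standard zone file. The following is an added example, not part of the original slides; it assumes the RFC 1035 master-file text layout with one record per line, no quoted strings and no parenthesised continuation, and the zone contents and function names are constructed for illustration.

```python
TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "SRV"}
CLASSES = {"IN", "CH", "HS"}
# Constructed sample zone using documentation names and addresses.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN SOA ns1 hostmaster 2024010101 900 600 86400 3600
       IN NS  ns1
ns1    IN A   192.0.2.53
www    300 IN A 192.0.2.80
       IN AAAA 2001:db8::80
@      IN MX  10 mail
mail   A 192.0.2.25   ; class omitted, treated as IN here
_ldap._tcp 600 IN SRV 0 100 389 ns1
"""

def qualify(name, origin):  # expand '@' and relative names against the origin
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text):
    """Split each record into owner, ttl, class, type and rdata."""
    origin, default_ttl, owner, records = ".", None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # strip comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if not line[0].isspace():                # blank owner repeats the last one
            owner = qualify(fields.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        while fields and fields[0].upper() not in TYPES:
            token = fields.pop(0).upper()
            if token in CLASSES:
                rclass = token
            else:
                ttl = int(token)                 # ValueError unless it is a TTL
        if not fields:
            raise ValueError("no record type in %r" % raw)
        records.append({"owner": owner, "ttl": ttl, "class": rclass,
                        "type": fields[0].upper(), "rdata": " ".join(fields[1:])})
    return records
```

Calling `parse_zone(SAMPLE_ZONE)` returns one dictionary per record, which makes it easy to list every A, MX or SRV record a zone publishes when reviewing what it exposes.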

15 UNIT 4 Standard DNS Zone Transfers
- Master server - Provides updated DNS records to secondary servers
- Slave server - Gets its updates from the master zone transfer partner specified on the Zone Transfer tab in DNS
Zone transfers from the master to the secondary server come in two varieties:
- Incremental zone transfers (IXFRs)
- Full zone transfers (AXFRs)

16 UNIT 4 Nslookup TCP/IP Utility for DNS
Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. It is installed with the TCP/IP protocol. Nslookup.exe can run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:

    nslookup [-option] [hostname] [server]

To start Nslookup.exe in interactive mode, simply type "nslookup" at the command prompt. It will return something like the following:

    C:\> nslookup
    Default Server: nameserver1.domain.com
    Address: 10.0.0.1
    >

Typing "help" or "?" at the command prompt will generate a list of available commands. Type "exit" to leave nslookup.
http://support.microsoft.com/kb/200525

17 UNIT 4 Unit 4 Assignment
REVIEW the Rubrics for UNIT 4 Part I and Part II
Part I - (20 points) Complete the 12 Chapter 5 Web-Based Lab Activities.

18 UNIT 4 Unit 4 Assignment
Part II - (20 points) Using tools you learned about in this chapter and other tools available, research the sun.com, whois.net, and icann.org domains. Your goal is to find out all of the publicly available information about each domain, including domain registration information, DNS records, and IP addresses. At a minimum, you will submit the following for each domain:
- Domain admin email address
- Domain expiration date
- All name servers for the domain
- All available A records
- All available MX records

