CompTIA A+ 220-1201 (2.4 - DNS Configuration)

11 Terms

1

Domain Name System

• Translates human-readable names into computer-readable IP addresses

- You only need to remember www.ProfessorMesser.com

• Hierarchical

- Follow the path

• Distributed database

- Many DNS servers

- 13 root server clusters (over 1,000 actual servers)

- Hundreds of generic top-level domains (gTLDs) - .com, .org, .net, etc.

- Over 275 country code top-level domains (ccTLDs) - .us, .ca, .uk, etc.

2

The DNS hierarchy

.

.com .net .edu .org

.professormesser

www live mail east west

trey katie ethan judy

3

DNS records

• Resource Records (RR)

- The database records of domain name services

• Over 30 record types

- IP addresses, certificates, host alias names, etc.

• These are important and critical configurations

- Make sure to check your settings, backup, and test!

4

Canonical name records (CNAME)

• A name is an alias of another, canonical name

- One physical server, multiple services

; Alias (canonical) names

chat IN CNAME mail.example.com.

ftp IN CNAME mail.example.com.

www IN CNAME mail.example.com.

5

DNS Lookup

professor@Odyssey ~ % dig www.professormesser.com

; <<>> DiG 9.10.6 <<>> www.professormesser.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58050

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;www.professormesser.com. IN A

;; ANSWER SECTION:

www.professormesser.com. 300 IN A 104.22.72.108

www.professormesser.com. 300 IN A 172.67.41.114

www.professormesser.com. 300 IN A 104.22.73.108

;; Query time: 42 msec

;; SERVER: 9.9.9.9#53(9.9.9.9)

;; WHEN: Thu Jun 17 09:17:26 EDT 2021

;; MSG SIZE rcvd: 100

6

Address records (A) (AAAA)

• Defines the IP address of a host

- This is the most popular query

• A records are for IPv4 addresses

- Modify the A record to change the host name to IP address resolution

• AAAA records are for IPv6 addresses

- The same DNS server, different records

7

Mail exchanger record (MX)

• Determines the host name for the mail server - this isn't an IP address; it's a name

; This is the mail-exchanger. You can list more than one (if

; applicable), with the integer field indicating priority (lowest

; being a higher priority)

IN MX mail.mydomain.name.

; A list of machine names & addresses

jack.mydomain.name. IN A 123.12.41.40 ; Windows 10

mail.mydomain.name. IN A 123.12.41.41 ; Linux (main server)

sam.mydomain.name. IN A 123.12.41.42 ; Windows 11

8

Text records (TXT)

• Human-readable text information

- Useful public information

- Was originally designed for informal information

• Can be used for verification purposes

- If you have access to the DNS, then you must be the administrator of the domain name

• Commonly used for email security

- External email servers validate information from your DNS

9

DomainKeys Identified Mail (DKIM)

• Digitally sign a domain's outgoing mail

- Validated by mail servers, not usually seen by the end user

- The public key is in the DKIM TXT record

10

Sender Policy Framework (SPF)

• SPF protocol

- A list of all servers authorized to send emails for this domain

- Prevent mail spoofing

- Mail servers perform a check to see if incoming mail really did come from an authorized host

11

DMARC

• Domain-based Message Authentication, Reporting, and Conformance (DMARC)

- Prevent unauthorized email use (spoofing)

- An extension of SPF and DKIM

• You decide what external email servers should do with emails that don't validate through SPF or DKIM

- That policy is written into a DMARC TXT record

- Accept all, send to spam, or reject the email

- Compliance reports can be sent to the email administrator
