CST06235 - Lecture 05

Chapter 5: Implement DNS

5.1 Implement DNS

  • Configure DNS Addresses: Setting up DNS addresses to ensure proper domain name resolution.

  • Create Standard DNS Zones: Establish zones for managing DNS records effectively.

  • Create Host Records: Insert records mapping hostnames to IP addresses.

  • Create CNAME Records: Configure canonical names that serve as aliases for other domain names.

  • Troubleshoot DNS Records: Identify and resolve issues related to DNS records.

5.2 Understanding DNS Concepts

Essential Terminologies

  • Domain Name System (DNS): A hierarchical naming system that converts hostnames into IP addresses.

  • Fully Qualified Domain Name (FQDN): A complete domain name that specifies each level of the hierarchy separated by periods, concluding with a root domain.

  • DNS Zones: Sections within DNS that maintain the domain namespace.

    • Forward Lookup Zone: Contains records that resolve FQDNs to IP addresses.

    • Reverse Lookup Zone: Contains records that resolve IP addresses to FQDNs.

    • DNS Records: Entries within a zone that map hostnames to IP addresses and store additional information.

Types of DNS Servers

  • Root Servers: Hold information for the root domain and assist in directing queries to TLD servers.

  • TLD Servers: Contain information about domain extensions like .com or .org.

  • Authoritative Name Server: Contains the actual DNS records for a domain and does not request additional information from other servers.

  • Recursive Server: Manages the process of resolving DNS queries by querying other servers until it acquires the desired information.

5.3 DNS Record Types

  • A Record: Maps a hostname to an IPv4 address.

  • AAAA Record: Maps a hostname to an IPv6 address.

  • PTR Record: Maps an IP address to a hostname (reverse lookup).

  • CNAME Record: Alias for a domain name, linking to another domain.

  • MX Record: Specifies mail servers for handling email.

  • TXT Record: Stores text notes in a DNS zone.

  • SOA Record: Contains administrative information about a DNS zone.

  • NS Record: Identifies the authoritative name servers for a domain.

5.4 Troubleshooting DNS

  • Common Issues: Problems may arise due to server outages, misconfigurations, or incorrect DNS entries.

  • Troubleshooting Commands:

    • ping: Checks connectivity.

    • tracert/traceroute: Traces the route to a destination.

    • nslookup: Queries DNS to find IP addresses and records.
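The incorrect DNS entries mentioned above can also be caught before anyone runs nslookup by checking the zone data itself. The following is an added example, not part of the lecture material; the zone corp.example., its hostnames and its addresses are constructed for illustration. It flags four common record mistakes: a CNAME that shares its name with other records, a CNAME whose in-zone target does not exist, an MX record pointing at a CNAME, and an A record with no matching PTR in the reverse lookup zone.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (owner name, record type, value). All names are hypothetical.
ORIGIN = "corp.example."
FORWARD = [
    ("web1.corp.example.", "A", "10.0.5.10"),
    ("web2.corp.example.", "A", "10.0.5.11"),                   # no PTR below
    ("www.corp.example.", "CNAME", "web1.corp.example."),
    ("www.corp.example.", "TXT", "owner=it"),                   # shares a name with a CNAME
    ("intranet.corp.example.", "CNAME", "web9.corp.example."),  # target does not exist
    ("corp.example.", "MX", "10 mail.corp.example."),           # points at a CNAME
    ("mail.corp.example.", "CNAME", "web2.corp.example."),
]
REVERSE = [("10.5.0.10.in-addr.arpa.", "PTR", "web1.corp.example.")]

def check_zone(forward, reverse, origin):
    """Return (issue, owner name) findings for common record mistakes."""
    by_name = defaultdict(set)              # owner name -> record types present
    for name, rtype, _ in forward:
        by_name[name.lower()].add(rtype)
    ptrs = {(n.lower(), v.lower()) for n, t, v in reverse if t == "PTR"}
    findings = []
    for name, rtype, value in forward:
        name = name.lower()
        target = value.split()[-1].lower()  # drops the MX preference if present
        if rtype == "CNAME":
            # A CNAME must be the only record at its owner name.
            if by_name[name] != {"CNAME"}:
                findings.append(("cname-conflict", name))
            # An alias to an in-zone name that has no records resolves to nothing.
            if target.endswith("." + origin) and target not in by_name:
                findings.append(("dangling-cname", name))
        elif rtype == "MX" and "CNAME" in by_name.get(target, ()):
            # Mail exchangers should be named by A/AAAA records, not aliases.
            findings.append(("mx-to-cname", name))
        elif rtype == "A":
            # Forward and reverse lookup zones should agree.
            rev = ipaddress.ip_address(value).reverse_pointer + "."
            if (rev, name) not in ptrs:
                findings.append(("missing-ptr", name))
    return findings

if __name__ == "__main__":
    for issue, name in check_zone(FORWARD, REVERSE, ORIGIN):
        print(f"{issue:15} {name}")
```
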

5.5 DNS Protection

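  • DNS Security Extensions (DNSSEC): Protects against third-party tampering by digitally signing DNS records so that resolvers can verify DNS responses.

  • DNS Socket Pooling: Sends queries from a randomized pool of source ports instead of a single fixed port, which makes forged responses (cache poisoning) harder to inject.

  • Response Rate Limiting: Guards against DoS attacks, in particular DNS amplification, by limiting how many responses the server sends to the same client within a given time.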

  • DANE (DNS-Based Authentication of Named Entities): Combines with DNSSEC to verify the validity of domain certificates, ensuring secure connections.

5.6 Implementing Hybrid Name Resolution

  • Integration with Azure: Azure DNS provides resolver capabilities in hybrid environments using private zones for security.

  • ExpressRoute: A service facilitating private connections to Azure resources.

  • Hybrid DNS Setup: Combines on-premises DNS with Azure solutions in a seamless structure, using forwarding rules to manage request routing effectively.