Dynamic Host Configuration Protocol (DHCP) (UDP 67/68) assigns IP addresses to hosts using information provided by a server. It makes administration easier and works well in networks from small to very large.
Why use DHCP?
Because manually configuring the network information for each device becomes unrealistic as a network grows, a protocol that automatically assigns this information to each new host that joins the network is essential.
What is Bootstrap?
DHCP runs on top of the Bootstrap Protocol (Port 68), which was the foundational protocol that DHCP was built on.
Bootstrap assigns an IP address to a host, but the host’s hardware address must be entered manually in a BootP table.
Scope Options (properties DHCP can provide):
IP Address
Subnet Mask
Domain Name
Default Gateway
DNS
Windows Internet Naming Service (WINS) information.
TTL (Time To Live) & TFTP Server
What is a DHCP Pool?
The DHCP server is configured by the administrator with what is called a pool of addresses that it uses to assign to any host using the DHCP protocol.
This grouping includes the range of IP addresses that DHCP will hand out; this range or scope is created by the network administrator or network engineer.
Grouping of IP addresses – Each subnet has its own scope – 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, etc.
When this pool is created, the network admin can also set some addresses as “off limits”; these are called IP Exclusions or Exclusion Ranges.
Meaning these IP addresses cannot be used by DHCP to assign to any hosts; an example would be the IP address of a router interface.
What is a DHCP Server & DHCP Client?
The DHCP Server has to be on the same network segment as the DHCP client, because if it's not, the broadcast sent by the DHCP Client will not reach the DHCP Server, since routers do not forward broadcasts.
Basically, the DHCP Server and DHCP Client have to be in the same LAN for it to operate.
What is a DHCP Client Broadcast?
A client that sends out a DHCP Discover message in order to receive an IP address sends a broadcast at both layer 2 and layer 3. The Layer 2 broadcast address is all Fs in hexadecimal, which looks like this: FF:FF:FF:FF:FF:FF. The Layer 3 broadcast address is 255.255.255.255, which means all networks and hosts. This means that the DHCP server will send out a broadcast to all switches and routers.
What is a Dynamic Assignment?
Assigning an IP address through DHCP happens dynamically within one of the address ranges configured by the network admin; as a result, a device connected to the network doesn't have a permanent address.
Once the lease ends, unless the IP address is reserved, the device will lose that IP address and get a new one.
What is a Static Assignment?
Statically assigning IP addresses is tedious and time-consuming; you assign each host's IP information manually by going to each host connected to the network and typing in the information by hand.
This works fine in smaller networks, but once you start to expand your network it becomes unrealistic and inefficient.
What are Exclusion Ranges?
These IP addresses cannot be used by DHCP to assign to any hosts; Example would be the IP address of a Router interface.
When a DHCP pool is created, the network admin can also set some addresses as “off limits”; These are called IP Exclusions or Exclusion Ranges.
What is DHCP Lease Time?
DHCP Lease Time is the amount of time, in minutes or seconds, that a network device can use an IP address; the IP address is reserved for that device until the reservation expires.
What is DHCP Lease Time Allocation?
The IP configuration (all of the IP settings) and the lease time are all configured by the network admin.
What is DHCP Lease Time Reallocation?
If a device is rebooted, it checks back in with the DHCP server and the lease may be reassigned or reallocated to that same device; the DHCP server would need to reconfirm the lease during the reboot process.
What is DHCP Renewal?
There are 2 important timers to know about during the DHCP renewal process.
T1 Timer
Timer that your client uses to check in with the DHCP server to automatically renew the lease that you currently have; by default this timer takes effect whenever your lease reaches the halfway (50%) mark of the total lease time.
T2 Timer
If the original DHCP server is down or unavailable, your DHCP client will try to reconnect to any available DHCP server, regardless of whether it has already connected to it or not; by default this timer takes effect whenever your T1 renewal did not succeed and 7/8ths (87.5%) of your total lease time has passed.
Renewal In Action
T1 Timer: takes effect after the halfway mark (50%) of the total lease time has been reached. At this point the DHCP client enters the Renewal Period and tries to renew the IP address given by the DHCP Server.
T2 Timer: if for some reason the DHCP Client cannot connect back to the DHCP Server to properly renew during the Renewal Period, it waits until 7/8ths (87.5%) of the total lease time has passed and then enters the Rebinding Period (T2 Timer).
Workstation can also manually release the IP address
Workstations can manually release their DHCP-assigned IP addresses in the scenario that they need to be put into a different subnet; in this case you would run "ipconfig /release" from the command line.
What is a Reservation List?
Reservations are used to assign a unique, fixed IP address to a specific device on your network; this is very helpful when you want a device to have the same IP address every time it connects to the network, whether or not the lease expired.
How does a DHCP Client request IP information from a DHCP Server?
The Data Link and Network layers are both sending out “all hands on deck” broadcasts saying, “Help! Idk my IP address!”
What is a DHCP Relay?
DHCP Relays are used whenever a DHCP Server needs to assign IP addresses to hosts that aren't on the same network as the DHCP server; you can configure your router interface to relay (forward) the DHCP client requests (DHCP broadcasts).
If your router is not configured to relay DHCP requests, it will ignore and discard the request, because routers ignore broadcasts by default.
What is IP helper/UDP forwarding?
The IP Helper command is generally used to configure a DHCP relay agent on a Layer-3 interface (router); by using this command, a router can be configured to accept a broadcast.
UDP Forwarding is used to forward broadcasts and multicast packets for specific IP addresses.
Below is the Four-Step Process a client takes to receive an IP address from a DHCP server:
Discover. DHCP Client (Host) broadcasts a DHCP Discover Message looking for a DHCP Server (port 67)
Offer. DHCP server that received the DHCP Discover message sends a unicast (direct) DHCP Offer message back to the host.
Request. DHCP client then broadcasts a DHCP Request message to the server, asking for the offered IP address and possibly other information.
Accept. The server finalizes the exchange with a unicast (direct) DHCP acknowledgement message.
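The four-step exchange above, the lease timers from the renewal section, and the relay agent's role can all be seen in the bytes of the messages themselves. The following Python is an added example, not code from the original notes: it builds and parses RFC 2131 DHCP messages on top of the fixed 236-byte BOOTP header, walks a constructed Discover/Offer/Request/Ack exchange, and derives the T1 and T2 timers from the lease time option (option 51) using the 50% and 87.5% defaults unless the server supplies options 58/59. The MAC address, transaction id, and the 192.168.1.x addresses are constructed sample values; the option codes are the standard RFC 2132 ones.

```python
import struct
import ipaddress

# DHCP message types carried in option 53 (RFC 2132)
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed BOOTP header

def ip4(addr):
    """Pack a dotted-quad string into 4 network-order bytes."""
    return ipaddress.IPv4Address(addr).packed

def build_dhcp(msg_type, xid, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Build one BOOTP/DHCP message. giaddr is what a relay agent fills in."""
    op = 1 if msg_type in (DHCPDISCOVER, DHCPREQUEST) else 2   # 1 = request, 2 = reply
    header = struct.pack(BOOTP_HDR,
        op, 1, 6, 0,                 # op, htype=Ethernet, hlen=6, hops
        xid, 0, 0x8000,              # transaction id, secs, flags (broadcast bit set)
        b"\0" * 4,                   # ciaddr: the client has no address yet
        ip4(yiaddr),                 # yiaddr: "your" address, filled in by the server
        b"\0" * 4,                   # siaddr: next server (unused here)
        ip4(giaddr),                 # giaddr: relay agent address, 0.0.0.0 if on-link
        mac.ljust(16, b"\0"),        # chaddr: client hardware address
        b"\0" * 64, b"\0" * 128)     # sname, file
    opts = bytes([53, 1, msg_type])  # option 53: DHCP message type
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + opts + b"\xff"   # option 255 ends the option list

def parse_dhcp(pkt):
    """Decode the fixed header and the TLV option list of a DHCP message."""
    f = struct.unpack(BOOTP_HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:              # end marker
            break
        if code == 0:                # pad byte, no length field
            i += 1
            continue
        length = pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": f[0], "xid": f[4],
        "yiaddr": str(ipaddress.IPv4Address(f[8])),
        "giaddr": str(ipaddress.IPv4Address(f[10])),
        "chaddr": f[11][:f[2]].hex(":"),      # hlen bytes of the 16-byte chaddr field
        "msg_type": options[53][0],
        "options": options,
    }

def lease_timers(options):
    """Return (lease, T1, T2) in seconds; defaults are 50% and 87.5% of the lease."""
    lease = struct.unpack("!I", options[51])[0]
    t1 = struct.unpack("!I", options[58])[0] if 58 in options else lease // 2
    t2 = struct.unpack("!I", options[59])[0] if 59 in options else lease * 7 // 8
    return lease, t1, t2

def dora_exchange():
    """Walk Discover/Offer/Request/Ack with constructed sample values."""
    mac, xid = bytes.fromhex("001122334455"), 0x3903F326   # constructed client
    server, client_ip = "192.168.1.1", "192.168.1.50"      # constructed addresses
    lease_opts = [
        (1, ip4("255.255.255.0")),            # subnet mask
        (3, ip4(server)),                     # default gateway
        (6, ip4(server)),                     # DNS server
        (51, struct.pack("!I", 86400)),       # lease time: 24 hours
        (54, ip4(server)),                    # server identifier
    ]
    discover = build_dhcp(DHCPDISCOVER, xid, mac)
    offer = build_dhcp(DHCPOFFER, xid, mac, yiaddr=client_ip, options=lease_opts)
    request = build_dhcp(DHCPREQUEST, xid, mac, options=[
        (50, ip4(client_ip)),                 # requested IP address
        (54, ip4(server)),                    # which server's offer we accept
    ])
    ack = build_dhcp(DHCPACK, xid, mac, yiaddr=client_ip, options=lease_opts)
    return [parse_dhcp(m) for m in (discover, offer, request, ack)]

if __name__ == "__main__":
    for m in dora_exchange():
        print(m["msg_type"], m["xid"], m["chaddr"], m["yiaddr"])
    print(lease_timers(dora_exchange()[3]["options"]))   # (86400, 43200, 75600)
```

Passing giaddr to build_dhcp models what a relay agent on a router interface does before forwarding the client's broadcast as unicast: the server uses that field to pick the right scope and to address its reply, which is why the relay section above says the router must be explicitly configured to forward these requests.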
DNS — Domain Name Service
What is DNS?
Domain Name Service (DNS) (UDP 53) servers are among the most important servers in your network and on the Internet as well. Why? Because without DNS you would have to type in an IP address instead of simply entering www.godzilla.com. Think of DNS as the phone book of the internet.
FQDN
A Fully Qualified Domain Name (FQDN) consists of a hostname and a domain name; it not only identifies what a device is, but also where it's located.
Hostname
Normally the name of the device that has a specific IP address; on the internet, it is part of what is known as a fully qualified domain name (FQDN).
Domain Name
Domain names are the ending after a website URL, for example:
.com
.edu
.gov
.org
Domain names are arranged in a hierarchical tree structure.
DNS is configured as a hierarchy, which makes it easier to organize websites on the internet; DNS is also an extremely distributed database, thanks to all the DNS servers on the internet.
What are DNS Records?
DNS record types are records that provide important information about a hostname or domain. These records include the current IP address for a domain; DNS records are stored in text files (zone files) on the authoritative DNS server.
Start of Authority (SOA)
This is part of the DNS configuration files that describes what a DNS server is managing; it's added to the beginning of the DNS server configuration.
It also stores information about the DNS domain or zone such as how to contact the administrator, when the domain was last updated, and how long the server should wait between refreshes.
Image of SOA
Structure of SOA
Address Types
A-Record
The most important DNS record type. The “A” stands for “address”; An A-record shows the IP address for a specific hostname or domain.
A-records will give you the hostname of a given IP address! Using an A-record, we can access websites on the internet without knowing their IP addresses, only their hostnames.
Image of A-Record
Quad-A
AAAA records are used to resolve a domain name to the newer IPv6 protocol address; Using an AAAA-record, we can access websites on the internet without knowing their IPv6 addresses, only their hostnames.
Resource Records
CNAME record
Canonical Name (CNAME) records allow hosts to have more than one name; they do this by pointing an alias name to another domain name. In a CNAME record, the alias doesn't point to an IP address, and the domain name that the alias points to is the canonical name.
NS (Name Server) record
The NS records identify the name servers responsible for your DNS zone. In order to have a valid DNS configuration, the NS records configured in the DNS zone must be exactly the same as those configured as name servers at your domain name provider.
Image of NS Record
MX (Mail Exchange) record
Mail Exchanger records can be used to find the name of the mail server for a domain.
Image of MX Record
Pointer (PTR) record
PTR records are IP address-to-name mapping records rather than name-to-IP address mapping records; They reside in what is called a reverse lookup zone in the server.
PTR records are used when an IP address is known but not the hostname.
Text (TXT)
TXT stands for text, and this record type lets the owner of a domain store text values in the DNS. Several services use this record to verify ownership of a domain and email spam prevention.
Service (SRV)
Using DNS to help your client find another service; service records are used to identify where a particular service is.
Ex. Where is the Windows Domain Controller? Where is the instant messaging server? Where is the VoIP controller?
Image of SRV
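The record types described above travel in a compact binary wire format (RFC 1035), and the name-compression pointers in that format are what make a CNAME plus its A record fit in one small UDP reply. The following Python is an added example and not code from the original notes: it builds a query for an A record, constructs a sample response carrying a CNAME and an A record with compressed names, and parses it back into (name, type, TTL, value) tuples, with decoders for the A, AAAA, NS, CNAME, PTR, MX and TXT types. The domain www.godzilla.com comes from the notes; the address 192.0.2.10 is from the documentation range and the transaction id 0x1234 is constructed.

```python
import struct
import ipaddress

# Record type codes from RFC 1035 (AAAA from RFC 3596)
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR, TYPE_MX, TYPE_TXT, TYPE_AAAA = 1, 2, 5, 12, 15, 16, 28
CLASS_IN = 1

def encode_name(name):
    """'www.godzilla.com' -> b'\\x03www\\x08godzilla\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                    # 2-byte compression pointer
            if not jumped:
                end = offset + 2                      # name ends after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)

def build_query(qname, qtype, txid=0x1234):
    """Standard query with the Recursion Desired bit set, one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)

def build_rr(name_bytes, rtype, ttl, rdata):
    """Resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    return name_bytes + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata

def parse_response(msg):
    """Return (txid, flags, answers) where each answer is (name, type, ttl, value)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                               # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_A:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA:
            value = str(ipaddress.IPv6Address(rdata))
        elif rtype in (TYPE_CNAME, TYPE_NS, TYPE_PTR):
            value = decode_name(msg, off)[0]          # rdata may use pointers into msg
        elif rtype == TYPE_MX:
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
        elif rtype == TYPE_TXT:
            value = rdata[1:1 + rdata[0]].decode("ascii")   # first <len><text> string
        else:
            value = rdata
        answers.append((name, rtype, ttl, value))
        off += rdlen
    return txid, flags, answers

def constructed_response():
    """A sample answer to 'www.godzilla.com A': a CNAME to the apex, then the apex's A."""
    question = build_query("www.godzilla.com", TYPE_A)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)   # QR=1, RD=1, RA=1
    ptr_www = b"\xC0\x0C"    # pointer to offset 12: "www.godzilla.com" in the question
    ptr_apex = b"\xC0\x10"   # pointer to offset 16: the "godzilla.com" suffix
    cname = build_rr(ptr_www, TYPE_CNAME, 300, ptr_apex)
    a_rec = build_rr(ptr_apex, TYPE_A, 60, ipaddress.IPv4Address("192.0.2.10").packed)
    return header + question + cname + a_rec

if __name__ == "__main__":
    for rr in parse_response(constructed_response())[2]:
        print(rr)
```

A resolver that follows the CNAME has to keep the smaller of the two TTLs (60 seconds here, not 300) for the final answer, which is one reason the A record's TTL is what governs how quickly an address change reaches clients.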
Explain Internal DNS Servers vs. External DNS Servers.
Internal DNS Servers
Internal DNS Servers are built and maintained by the local IT team and operate on internal servers.
These Internal DNS Servers contain local information about internal devices on the inside of our network that we wouldn't want to share with the outside.
Internal DNS Servers will run on their own service equipment, whether that be Linux, WINS, or any other service running internally separate from any 3rd party entity.
External DNS Servers
External DNS Servers are often provided and managed by a 3rd-party through a contract so that you can have someone else manage the DNS server for you; These External DNS Servers do not include any internal device information.
Examples of 3rd-Party External DNS Service Providers are Google DNS and Quad9.
What are Zone Transfers?
Zone Transfers are
What are Authoritative Name Servers?
Authoritative DNS nameservers are responsible for providing answers to recursive DNS nameservers about where specific websites can be found. These answers contain important information for each domain, like IP addresses.
Authoritative nameservers are like the phone book company that publishes multiple phone books, one per region. Recursive DNS servers are like someone who uses a phone book to look up the number to contact a person or company. Keep in mind, these companies don’t actually decide what number belongs to which person or company — that’s the responsibility of domain name registrars.
Time to Live (TTL)
Time to Live (TTL) is a field on DNS records that controls how long each record is valid and — as a result — how long it takes for record updates to reach your end users.
What is DNS Caching?
When a client gets a DNS reply to a query, it stores it locally (cached) for a period of time to reduce the number of lookups on the DNS servers. Each DNS reply carries a field called TTL (Time-To-Live) which tells the client how long the reply should be cached.
What is Reverse DNS/ Reverse Lookup/ Forward Lookup?
Reverse Lookup
When you know the IP address but you don't know the domain name, DNS can send a reverse lookup to the server with the IP address to return the domain name.
Forward Lookup
Forward lookups allow the DNS Server to resolve queries where the client sends a name to the DNS Server to request the IP address of the requested host.
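The caching and TTL behaviour described above, and the reverse-lookup name form, are small enough to show end to end. The following Python is an added example, not code from the original notes: a TTL-honouring cache with an injectable clock, a resolver wrapper that counts how many queries actually reach the upstream server, and the in-addr.arpa / ip6.arpa name construction a reverse lookup sends (using the standard library's reverse_pointer). The upstream function, the FakeClock, and the answer 192.0.2.10 with a 60-second TTL are constructed stand-ins; a real resolver would send the query on the wire.

```python
import ipaddress
import time

class DnsCache:
    """Stores answers for min(TTL, max_ttl) seconds; the clock is injectable for tests."""

    def __init__(self, clock=time.monotonic, max_ttl=86400):
        self.clock, self.max_ttl, self._store = clock, max_ttl, {}

    @staticmethod
    def _key(name, rtype):
        return name.lower().rstrip("."), rtype      # names are case-insensitive

    def put(self, name, rtype, value, ttl):
        self._store[self._key(name, rtype)] = (value, self.clock() + min(ttl, self.max_ttl))

    def get(self, name, rtype):
        """Return (value, remaining_ttl) or None; expired entries are evicted."""
        key = self._key(name, rtype)
        entry = self._store.get(key)
        if entry is None:
            return None
        value, expires = entry
        remaining = expires - self.clock()
        if remaining <= 0:
            del self._store[key]
            return None
        return value, int(remaining)

class FakeClock:
    """Constructed clock so the example can advance time deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds

def reverse_name(ip):
    """Name queried for a PTR record: 192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def cached_resolver_demo():
    """Miss, hit, then expiry; returns the path each lookup took and the upstream count."""
    clock = FakeClock()
    cache = DnsCache(clock=clock)
    upstream_calls = []

    def upstream(name, rtype):                 # constructed stand-in for a real server
        upstream_calls.append((name, rtype))
        return "192.0.2.10", 60                # (answer, TTL seconds)

    def resolve(name, rtype):
        hit = cache.get(name, rtype)
        if hit is not None:
            return hit[0], "cache", hit[1]     # pass the *remaining* TTL downstream
        value, ttl = upstream(name, rtype)
        cache.put(name, rtype, value, ttl)
        return value, "upstream", ttl

    r1 = resolve("www.godzilla.com", "A")      # first lookup goes upstream
    clock.advance(20)
    r2 = resolve("WWW.godzilla.com.", "A")     # same name, different case: cache hit
    clock.advance(41)                          # 61 s in total: the 60 s TTL has passed
    r3 = resolve("www.godzilla.com", "A")      # expired, so upstream again
    return [r[1] for r in (r1, r2, r3)], [r[2] for r in (r1, r2, r3)], len(upstream_calls)

if __name__ == "__main__":
    print(cached_resolver_demo())              # (['upstream', 'cache', 'upstream'], [60, 40, 60], 2)
    print(reverse_name("192.0.2.10"))
```

Returning the remaining TTL rather than the original one matters when the cache sits in front of other clients: a downstream cache that trusted the original value would keep a stale record for up to twice the TTL.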
What is Recursive lookup /iterative lookup?
Recursive Lookup
A single request is sent to the local DNS server; the local DNS server then sends out requests to try to find the IP for the request that we sent.
Once the IP request is completed, the local DNS server reports back to us on what IP it found; it also keeps a very large cache of the DNS results, so in case the next person makes the same DNS request, it will be a lot quicker than the first time.
Iterative Lookup
Iterative Lookup is whenever one client communicates with all of the DNS servers itself and doesn't use a central server to complete all of the requests.
The client does all of the heavy lifting itself (sending out requests to all DNS servers)
NTP — Network Time Protocol
What is NTP?
Network Time Protocol (UDP 123) provides correct and consistent time synchronization of the clocks on networking devices and computers on a network. This is used for distributed tasks that require accurate time, to make sure tasks are processed in the correct sequence and recorded properly.
NTP is needed for security and log tracking across many devices, to correlate and trace events based on time. Many network management apps rely on timestamps for performance measurements and troubleshooting; if all the devices in a network did not have the same time, provided by syncing to a master clock using NTP, these would not be possible.
Stratum
This level indicates how accurate the time source is. If the primary reference clock is a master time source such as an atomic clock or satellite navigation, it is considered to be stratum level 0.
Stratum 0 is the reference point for Stratum 1, and Stratum 1 is the reference point for Stratum 2, etc. The further you get from Stratum 0, the less accurate it becomes.
Clients
NTP Clients (Hosts) use the NTP protocol to request NTP services from NTP Servers; this level is used to initiate the synchronization of all of the clocks on the network.
Ex. Any device on the network
Servers
NTP Servers (UDP 123) listen for and respond to any requests sent from NTP Clients; servers also send NTP requests of their own and fulfill requests as well.
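How a client actually derives its clock correction from an NTP server, and where the stratum value from the section above appears on the wire, is clearer with the packet in hand. The following Python is an added example and not code from the original notes: it packs and unpacks the 48-byte NTPv4 packet (RFC 5905), runs a constructed client/server exchange in which the server's clock is 0.3 s ahead and each direction takes 50 ms, and computes the offset and round-trip delay from the four timestamps T1..T4. Before using a reply it applies two checks a client should make: the reply's origin timestamp must equal the request's transmit timestamp, and the stratum must be a usable value (1 to 15). The timestamps, the "GPS " reference id, and the 0.3 s skew are constructed sample values.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion, refid,
# reference/origin/receive/transmit timestamps (64-bit fixed point): 48 bytes
PKT = "!BBbbII4sQQQQ"

def to_ntp(unix_seconds):
    """Unix float seconds -> NTP 64-bit fixed point (32 bits seconds, 32 bits fraction)."""
    return int((unix_seconds + NTP_EPOCH_OFFSET) * 2**32)

def from_ntp(ts):
    return ts / 2**32 - NTP_EPOCH_OFFSET

def build_packet(mode, stratum=0, origin=0, receive=0, transmit=0, refid=b"\0" * 4):
    li_vn_mode = (0 << 6) | (4 << 3) | mode              # LI=0, version 4, mode
    return struct.pack(PKT, li_vn_mode, stratum, 6, -20, 0, 0, refid, 0, origin, receive, transmit)

def parse_packet(data):
    f = struct.unpack(PKT, data[:48])
    return {"leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1], "refid": f[6], "origin": f[8], "receive": f[9], "transmit": f[10]}

def client_request(now):
    """Mode 3 (client); the only timestamp the client fills in is its transmit time, T1."""
    return build_packet(mode=3, transmit=to_ntp(now))

def server_reply(request, server_recv, server_send, stratum, refid):
    """Mode 4 (server): echo T1 as origin, add receive (T2) and transmit (T3)."""
    req = parse_packet(request)
    return build_packet(mode=4, stratum=stratum, origin=req["transmit"],
                        receive=to_ntp(server_recv), transmit=to_ntp(server_send), refid=refid)

def offset_and_delay(request, reply, reply_received):
    """Clock offset and round-trip delay per RFC 5905; raises on an unusable reply."""
    req, rep = parse_packet(request), parse_packet(reply)
    if rep["origin"] != req["transmit"]:
        raise ValueError("origin timestamp does not match our request")
    if rep["mode"] != 4 or not 1 <= rep["stratum"] <= 15:
        raise ValueError("reply is not from a synchronized server")
    t1, t2, t3, t4 = from_ntp(req["transmit"]), from_ntp(rep["receive"]), \
        from_ntp(rep["transmit"]), reply_received
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def exchange_demo(skew=0.3, one_way=0.05, server_time=0.1, stratum=1):
    """Constructed exchange: server clock ahead by `skew`, `one_way` transit each way."""
    t1 = 1_700_000_000.0                                 # client clock at send (constructed)
    req = client_request(t1)
    t2 = t1 + one_way + skew                             # server clock at receive
    t3 = t2 + server_time                                # server clock at transmit
    rep = server_reply(req, t2, t3, stratum=stratum, refid=b"GPS ")
    t4 = t1 + one_way + server_time + one_way            # client clock at receive
    return offset_and_delay(req, rep, t4)

if __name__ == "__main__":
    offset, delay = exchange_demo()
    print(f"offset {offset:+.3f} s, round-trip delay {delay:.3f} s")   # +0.300 s, 0.100 s
```

The origin-timestamp check is what stops a stray or replayed reply from being accepted as an answer to the current request, and rejecting stratum 0 and 16 keeps an unsynchronized server from steering the clock that your logs and event correlation depend on.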