Unit 7 - The Dynamic Host Configuration Protocol (DHCP) and the DNS Server

Prior to the release of Windows NT 4.0, company networks relied heavily on IPX/SPX and even NetBEUI as their primary network/transport protocols, due to their simplicity and ease of configuration. At that time, TCP/IP was still widely referred to as the "protocol of the Internet" and was seldom used for internal networks. It was considered too complex, too clunky and slow, and too difficult to configure and manage. Novell NetWare had the greater share of the network operating system (NOS) market, although it did not support native IP; UNIX had the majority share of the Internet market and ran primarily on IP alone.

One of the deterrents to using TCP/IP for the company network was its addressing scheme. In order to be routable across multiple networks, a necessity for an internet protocol, TCP/IP relies on IP addresses that encode both a network and a host portion. Each address had to be unique, and keeping track of all the addresses assigned to devices in a large network was an administrative nightmare. The Dynamic Host Configuration Protocol (DHCP) provides a mechanism for assigning IP addresses automatically, ensuring that no duplicates are handed out from its own pool (it cannot prevent conflicts with addresses configured statically outside that pool) and relieving much of the administrative burden. With the introduction of DHCP, more and more companies adopted TCP/IP as their client communication protocol.

What is DHCP?
DHCP is a standardized protocol used to distribute IP address assignments and configuration information dynamically to DHCP-enabled clients. Whether those clients run Windows, Unix/Linux, or Macintosh operating systems, they need only be DHCP-aware to receive IP addresses from a Windows Server 2003 DHCP server.
DHCP grew out of BOOTP (Bootstrap Protocol), a means for diskless workstations to obtain an IP address along with the information needed to boot the machine. Sun had started building these diskless workstations in the 1980s, and they used BOOTP to boot with information from a BOOTP server. DHCP was developed as an extension to BOOTP; it uses a "lease" method so that addresses can be reassigned to different clients over time, and it allows the DHCP server to provide additional TCP/IP configuration (such as DNS server addresses and the default gateway) along with the IP address. Before DHCP, TCP/IP configuration was a manual process: administrators configured each workstation by hand and kept a running list of which machine owned which IP address.

DHCP leases
The process a DHCP client goes through to obtain an IP address and any network-specific configuration options is called the DHCP lease process. A DHCP lease is a configurable amount of time that defines how long a client has permission to use a particular IP address. This time limit is the lease duration. By default, Windows Server 2003 sets this value to eight days (the same default used by the Windows 2000 DHCP server).

A DHCP scope is a hard-coded range of IP addresses together with a set of configurable options; scopes are what actually service DHCP clients during the lease process. Lease duration is a per-scope setting, so it can differ from one scope to another on the same DHCP server. If the number of IP addresses available per subnet greatly exceeds the number of physical DHCP-aware devices, you can set the lease duration longer than the default eight days. Likewise, if your DHCP clients tend not to move around (no portable/mobile computers) and your network configuration options change infrequently, a longer lease duration is appropriate.
If you are using a network protocol analyzer such as Windows Server 2003 Network Monitor to baseline your network traffic over a week and notice excessive DHCP traffic, you may want to increase the lease duration unless circumstances dictate otherwise.

1. Question: Which of the following is a true statement? Select four.
a. TCP/IP is the native networking/transport protocol for Windows Server 2003.
b. DHCP permits automatic assignment of IP addresses.
c. DHCP clients must be running a Windows operating system.
d. Active Directory (AD) requires the use of TCP/IP.
e. DHCP enables downlevel clients to auto-register their fully qualified domain names in your AD DNS.

2. Question: You created scope A with the New Scope Wizard and accepted all of the default options. How many days long is scope A's lease duration?

3. Question: In which of the following instances should you consider decreasing the default DHCP lease duration time?
a. The number of IP addresses per subnet is high and there are no mobile users in the network.
b. The number of IP addresses per subnet is low and mobile users comprise over half of the network population.

DHCP messages are sent as broadcasts using User Datagram Protocol (UDP) ports 67 (server) and 68 (client). This matters because, by default, routers do not forward broadcasts. If you want to use a DHCP server that sits on the other side of a router interface, you must ensure that the router supports DHCP relaying. Most Cisco routers do; on Cisco IOS you enable it by configuring the ip helper-address command, pointing at the DHCP server's address, on the interface that faces the clients. The router then re-sends the clients' broadcasts to the server as unicast packets.

Most IP addresses are not permanently assigned. Unless you set the lease duration to unlimited, DHCP servers lease their addresses for a specified duration (on a per-scope basis). Periodically, each client checks back in with the DHCP server that assigned its address and asks to continue using it.
At the same time, the client receives any configuration changes that need to be applied. This process is called lease renewal. Although it is usually automatic, it can be forced manually from the DHCP client.

Automatic renewal
Lease renewal is continually happening on all DHCP clients with a finite lease duration. By definition, lease renewal is the process by which a configured DHCP client renegotiates its current IP information and options with its leasing DHCP server. It is an automatic process, and its timing is determined by the lease duration set in the properties of the DHCP scope to which the client's address belongs.

1st attempt
The lease renewal process begins when 50% of the client's lease duration has elapsed. For example, if a client has a lease duration of eight days, it tries to renew its lease after four days. Renewal begins at the third stage of the DHCP lease process: the client sends a DHCPREQUEST message directly to the same server that originally leased it the IP address (a unicast, unlike the broadcast messages of the original DORA exchange: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK). If the DHCP server is available, the client receives a DHCPACK from the server, which renews the lease for a full lease duration and updates any DHCP options that have changed.

2nd attempt
If the originating DHCP server is unavailable at the 50% mark, the client waits until 87.5% of the lease has elapsed and tries again with another DHCPREQUEST. This time the request is broadcast, so any DHCP server on the segment (or reachable through a relay) may answer and extend the lease. If no server answers, the client keeps its current IP address only until the lease expires, at which point it must stop using the address and begin at stage one of the DHCP lease process, broadcasting a DHCPDISCOVER message in an effort to find a new DHCP server.
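The timeline above (unicast DHCPREQUEST at 50%, broadcast DHCPREQUEST at 87.5%, DHCPDISCOVER at expiry, and the DHCPNAK case that forces an immediate restart) as a small simulation. This is an added example written for this unit, not code from the course or from Windows; the servers are simulated callables, no packets are sent, and the names Lease, ScriptedServer and run_renewal are made up here.

```python
"""DHCP client lease-renewal timeline (added example, not from the course text).

Simulates the renewal behaviour for one lease: at T1 (50% of the lease) the
client unicasts a DHCPREQUEST to the server that granted the lease; at T2
(87.5%) it broadcasts a DHCPREQUEST that any DHCP server may answer; when the
lease expires it drops the address and broadcasts DHCPDISCOVER. A DHCPNAK at
any point forces the same restart immediately. All names are hypothetical.
"""
from dataclasses import dataclass

DAY = 24 * 3600  # seconds


@dataclass(frozen=True)
class Lease:
    ip: str
    server: str        # server that granted the lease (unicast target at T1)
    duration: int      # lease duration in seconds
    granted_at: int = 0

    @property
    def t1(self) -> int:
        """Renewal timer: 50% of the lease has elapsed."""
        return self.granted_at + self.duration // 2

    @property
    def t2(self) -> int:
        """Rebinding timer: 87.5% of the lease has elapsed."""
        return self.granted_at + self.duration * 7 // 8

    @property
    def expiry(self) -> int:
        return self.granted_at + self.duration


class ScriptedServer:
    """Simulated DHCP server: answers with the scripted replies in order
    ('ACK', 'NAK' or None for no answer) and keeps repeating the last one."""

    def __init__(self, *replies):
        self.replies = list(replies)

    def __call__(self, ip):
        reply = self.replies[0]
        if len(self.replies) > 1:
            self.replies.pop(0)
        return reply


def run_renewal(lease, servers):
    """Drive one lease through T1, T2 and expiry.

    `servers` maps server name -> callable(ip) -> 'ACK' | 'NAK' | None.
    Returns (final_state, log); each log entry is
    (seconds since grant, client state, message, target, reply).
    """
    log = []

    # T1 / RENEWING: unicast to the leasing server only.
    reply = servers[lease.server](lease.ip) if lease.server in servers else None
    log.append((lease.t1, "RENEWING", "DHCPREQUEST (unicast)", lease.server, reply))
    if reply == "ACK":
        return "BOUND", log           # lease extended, options refreshed
    if reply == "NAK":
        log.append((lease.t1, "INIT", "DHCPDISCOVER (broadcast)", "*", None))
        return "INIT", log            # address released, DORA starts over

    # T2 / REBINDING: broadcast; the first server to answer wins.
    reply, who = None, "*"
    for name, server in servers.items():
        answer = server(lease.ip)
        if answer is not None:
            reply, who = answer, name
            break
    log.append((lease.t2, "REBINDING", "DHCPREQUEST (broadcast)", who, reply))
    if reply == "ACK":
        return "BOUND", log
    if reply == "NAK":
        log.append((lease.t2, "INIT", "DHCPDISCOVER (broadcast)", "*", None))
        return "INIT", log

    # Lease ran out with no answer: the client must stop using the address.
    log.append((lease.expiry, "INIT", "DHCPDISCOVER (broadcast)", "*", None))
    return "INIT", log


if __name__ == "__main__":
    lease = Lease("192.168.9.6", "dhcp1", 8 * DAY)
    print("T1 day", lease.t1 / DAY, "T2 day", lease.t2 / DAY, "expiry day", lease.expiry / DAY)
    scenarios = {
        "server up": {"dhcp1": ScriptedServer("ACK")},
        "server down, peer answers at T2": {"dhcp1": ScriptedServer(None), "dhcp2": ScriptedServer("ACK")},
        "all servers down": {"dhcp1": ScriptedServer(None)},
        "client moved subnets": {"dhcp1": ScriptedServer("NAK")},
    }
    for scenario, servers in scenarios.items():
        state, log = run_renewal(lease, servers)
        print(f"{scenario}: ends {state}")
        for entry in log:
            print("   day %.1f %-9s %-22s -> %s reply=%s" % (entry[0] / DAY, *entry[1:]))
```

The point worth noticing is the target of each message: only the T1 request goes to the original server, which is why a single unreachable DHCP server does not cost the client its address until the lease actually expires, provided a second server (or a relay to one) can hear the T2 broadcast.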
If the client requests an address that does not belong to its current network segment, perhaps because the client was moved from one network to another, the DHCP server issues a DHCPNAK message. This forces the client to release its address and start at stage one of the DHCP lease process with a DHCPDISCOVER broadcast. It commonly happens when a laptop user disconnects from one network and then reconnects to another.

Manual renewal
Manual lease renewal is initiated on the client side from the command line. You might want to renew a client's lease manually when you have made an urgent scope options change, such as adding a new DNS server, and want to push the change out immediately. The ipconfig tool releases and renews your IP address and scope options. To release a client's IP configuration, open a command prompt and run ipconfig /release. To renew that same client's IP configuration, run ipconfig /renew; on its own, /renew asks to keep the current address, so a preceding /release is needed only when you want the client to give the address up.

1. Question: What percent of the lease duration interval must elapse before a DHCP client attempts to automatically renew its lease for the first time?
a. 37.5%
b. 50%
c. 62.5%
d. 75%
e. 87.5%
f. 100%

2. Question: Under which of the following circumstances will a DHCP client stop attempting to renew its address and issue a DHCPDISCOVER message instead? Select two.
a. If the client cannot renew its lease once 50% of the lease has elapsed.
b. If 87.5% of the client's lease elapses.
c. If the client's lease expires without being renewed.
d. If the client receives a DHCPACK message after any renewal attempt.
e. If the client receives a DHCPNAK message after any renewal attempt.

Configuring scopes
Scopes are the basic building blocks of the DHCP framework. You must create and configure a DHCP scope before dynamic IP addresses can be assigned. By definition, a scope is a range of IP addresses.
This range has a beginning and an ending IP address that define the inclusive set of addresses available for clients to obtain. One DHCP server can hold scopes for many different network segments. Each scope is reachable by DHCP clients across router boundaries, but only if the router separating those segments forwards DHCP broadcasts or each segment has a DHCP relay agent configured to forward them to the DHCP server holding its scope. The server chooses which scope to answer from by looking at the relay agent's own address in the forwarded request, so the relay must sit on the segment whose scope you expect to be used.

DHCP options
DHCP options are configurable settings that can be distributed to DHCP clients along with IP addresses. Options are client specific: if a DHCP client does not support an option you configure, it simply ignores it. There are over 60 configurable DHCP options in the Windows Server 2003 DHCP server. The table below lists a few of the more common ones.

Option  Option name              Description
003     Router                   Specifies the default gateway router
006     DNS Servers              Lists any DNS servers on the network
015     DNS Domain Name          Specifies the parent DNS domain name for the DNS locator service
035     ARP Cache Timeout        Specifies the timeout in seconds for ARP cache entries
044     WINS Servers             Lists any WINS servers on the network
046     WINS Node Type           Specifies the NetBIOS node type
249     Classless Static Routes  Specifies destination, mask, and router for static routes

Windows Server 2003 introduced a new predefined DHCP option to distribute network-specific static routes. Option 249, Classless Static Routes, lets the administrator push any number of static routes into the clients' local routing tables. (RFC 3442 later standardized the same encoding under option code 121; Windows Server 2003 predefines the Microsoft code 249.) This option can cover all of your DHCP scopes if you configure it as a server option, or a single subnet if you configure it as a scope option.
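How the options in the table travel on the wire, as an added example that is not part of the course material or of the Windows DHCP server: each option is a code byte, a length byte and a payload, and option 249 packs each route as a prefix length, only the significant octets of the destination, and the router address. The addresses, domain name and routes below are constructed sample values; the function names are made up here.

```python
"""DHCP option encoding, including Microsoft option 249 (classless static routes).

Added example, not part of the course material. Builds the option block a
scope might hand out (003 router, 006 DNS servers, 015 domain name,
249 classless static routes) and decodes it again, refusing truncated or
malformed data rather than installing a bogus route. Sample values are constructed.
"""
import ipaddress

OPT_PAD, OPT_ROUTER, OPT_DNS_SERVERS, OPT_DOMAIN_NAME = 0, 3, 6, 15
OPT_MS_CLASSLESS_ROUTES, OPT_END = 249, 255


def encode_classless_routes(routes):
    """routes: list of ('a.b.c.d/len', 'router') -> option 249 payload."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)            # strict: rejects host bits set
        significant = (net.prefixlen + 7) // 8       # /0 -> 0 octets, /8 -> 1, /22 -> 3
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def decode_classless_routes(payload):
    """Inverse of encode_classless_routes; ValueError on truncated/malformed entries."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        i += 1
        if plen > 32:
            raise ValueError(f"bad prefix length {plen}")
        significant = (plen + 7) // 8
        if i + significant + 4 > len(payload):
            raise ValueError("truncated classless route")
        dest = payload[i:i + significant] + b"\x00" * (4 - significant)
        i += significant
        router = payload[i:i + 4]
        i += 4
        net = ipaddress.IPv4Network((bytes(dest), plen))  # strict, so host bits raise
        routes.append((str(net), str(ipaddress.IPv4Address(router))))
    return routes


def encode_options(options):
    """options: iterable of (code, payload bytes) -> TLV block terminated by 255."""
    out = bytearray()
    for code, payload in options:
        if not 0 < code < 255:
            raise ValueError(f"option code {code} is reserved")
        if len(payload) > 255:
            raise ValueError(f"option {code} payload exceeds one-byte length")
        out += bytes((code, len(payload))) + payload
    out.append(OPT_END)
    return bytes(out)


def decode_options(data):
    """TLV block -> {code: payload}. Stops at 255, skips pad (0), and refuses
    an option whose declared length runs past the end of the buffer."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code} has no length byte")
        length = data[i + 1]
        payload = data[i + 2:i + 2 + length]
        if len(payload) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = payload
        i += 2 + length
    return opts


def ip_list(payload):
    """Decode a payload made of 4-byte IPv4 addresses (options 003, 006, 044)."""
    if len(payload) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(payload[j:j + 4])) for j in range(0, len(payload), 4)]


def scope_options(router, dns_servers, domain, routes):
    """Build the option block for one scope."""
    return encode_options([
        (OPT_ROUTER, ipaddress.IPv4Address(router).packed),
        (OPT_DNS_SERVERS, b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)),
        (OPT_DOMAIN_NAME, domain.encode("ascii")),
        (OPT_MS_CLASSLESS_ROUTES, encode_classless_routes(routes)),
    ])


SAMPLE_ROUTES = [  # constructed: a default route plus two static routes
    ("0.0.0.0/0", "192.168.9.1"),
    ("10.0.0.0/8", "192.168.9.254"),
    ("172.16.20.0/22", "192.168.9.253"),
]

if __name__ == "__main__":
    block = scope_options("192.168.9.1", ["192.168.9.10", "192.168.9.11"],
                          "alphacorp.local", SAMPLE_ROUTES)
    print(block.hex())
    opts = decode_options(block)
    print("router", ip_list(opts[OPT_ROUTER]))
    print("dns   ", ip_list(opts[OPT_DNS_SERVERS]))
    print("domain", opts[OPT_DOMAIN_NAME].decode())
    print("routes", decode_classless_routes(opts[OPT_MS_CLASSLESS_ROUTES]))
```

The compact destination encoding is why a default route costs only five bytes, and also why a decoder has to check lengths before trusting them: a client that accepts a truncated option 249 entry would otherwise install a route to whatever bytes happened to follow.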
Understanding reservations
DHCP reservations reserve a particular IP address for a specific client, which is useful for clients that must always have the same address. Reservations are treated a bit differently from other DHCP settings because an administrator must set up each reservation individually, using information read from the client machine's network interface card.

Why not just assign a static IP instead of creating a client reservation? You could, but then the client would not receive the other configuration options (DNS servers, default gateway, and so on) from the DHCP server if and when those options change, and you would have to change them manually on every statically configured computer.

Displaying a client's MAC address
To set up a new DHCP reservation, you need the MAC address of the client's network adapter. You can find it on the client computer by running ipconfig /all. If you cannot visit the client physically, use the ping and arp commands to identify the MAC address and then copy and paste it into the reservation. Ping the client and note the IP address that is returned (192.168.9.6). Then run arp -a to display the local ARP cache and match the IP address from the ping results to the physical address listed (00-b0-d0-26-9c-c6). This works only from a machine on the same segment as the client; across a router, the ARP cache holds the router's MAC address, not the client's.

Setting up DHCP reservations
Now that you know the MAC address of the client for which you want to create the reservation, you can create it using the New Reservation dialog box.

Step 1: In the DHCP MMC, select the Reservations folder of the scope that contains the IP address you want to reserve, and open the Action menu.
Step 2: Choose New Reservation from the Action menu.
Step 3: Enter a name that uniquely identifies the client for which you are creating the reservation (e.g., xppro1) in the Name box of the New Reservation dialog box.
Step 4: Enter the IP address you want to reserve (e.g., 192.168.9.6) in the IP address box.
Step 5: Enter the MAC address of the client's network adapter (e.g., 00-b0-d0-26-9c-c6) in the MAC address box. The MAC address is the part of the reservation that actually identifies the client when it sends its DHCPDISCOVER broadcast. It is not authenticated: a reservation controls which address a client gets, but it does not prove which machine is asking, so do not treat it as an access control.
Step 6: Enter an administrative description to better identify this client (e.g., Windows XP desktop) in the Description box.
Step 7: In the Supported types area, select the method the client uses to obtain DHCP information, then click Add to create the reservation. Although most Microsoft clients use DHCP only, Windows 2000 Remote Installation Services (RIS) clients use BOOTP to initialize, and older non-Microsoft clients may use BOOTP as well; unless you are sure, it is safe to leave the default of Both selected.

The new client reservation is displayed in the Reservations folder.

Domain Name System concepts

IP addresses and computer names
When internetworking was first conceived and implemented in the 1960s and 1970s, the Internet Protocol (IP) addressing scheme was devised along with it. The first network, ARPANET, was a small network of large mainframe computers. Each computer had a unique host name and an IP address, which were recorded in a file kept on each computer called the hosts file. It was a flat text file (hosts.txt) that the computer used to resolve host names to IP addresses. When there were five, ten, or even twenty computers, it was not difficult to keep the file current or to choose a unique computer name.
The problem: unique names, maintenance, and bandwidth
As organizations (universities, government agencies, and large corporations at first) expanded their internal networks, ensuring unique computer names became harder. It also became increasingly difficult to maintain an up-to-date copy of the hosts file on every computer, and the bandwidth required to distribute the file was growing beyond what the links of the time could carry.

The solution: DNS
Another system was needed. What emerged were two Requests for Comments (RFCs), 882 and 883, describing the design of a domain name system based on a distributed database of general resource information rather than a replicated flat text file. As with many networking constructs created years ago, the DNS framework has come under increasing pressure as more and more servers are added around the world. Although Windows Internet Name Service (WINS) is still supported in Windows Server 2003, DNS became the preferred and default name resolution method beginning with Windows 2000. WINS remains for backward compatibility with applications written to the NetBIOS interface.

DNS naming
The hierarchical naming system used by DNS, known as the domain namespace, is more flexible and orderly than flat NetBIOS naming. The domain namespace begins at the root domain, which is unnamed and is written as "." (the dot character). As the tree branches out, each node forms a unique name (up to 255 characters in total) such as server1.mycompany.com. An organization can choose to create a private domain namespace, and it does not have to be globally unique as long as it does not interact with public networks such as the Internet. The DNS system relies on a distributed database for efficient name resolution; these databases reside on DNS servers.
Computers that act as DNS servers run name server software that manages the database structure and the information in it (resource records and zone files) and uses it to answer client requests for name resolution; the client side of that exchange is the resolver, described below. Let's take a look at each of the components involved in this process: DNS servers, resolvers, resource records, zones, and zone files.

DNS servers
The primary function of a DNS server is to respond to client name requests, either directly or by providing a pointer to another DNS server. Each DNS server is assigned a contiguous portion of the namespace, known as a zone, over which it presides and is authoritative. Authority for a zone can be delegated to another server, and administrators often delegate authority for subdomains to other DNS servers. For example, the mycompany server could be authoritative for the entire zone, or the az and fl servers could be given authority over their own zones.

DNS resolvers
DNS resolvers are programs that use DNS queries to request information from DNS servers. A resolver is usually built into a utility program or made accessible through library functions, and it can communicate with a remote DNS server or with a DNS server running locally. A resolver can run on any computer, including a DNS server.

Resource records
Resource records are the units of information used to answer name resolution queries. A DNS server holds the resource records it needs to answer queries for the namespace for which it is authoritative.

Zones
A zone is a contiguous (adjoining) portion of the domain namespace for which a DNS server is authoritative. A zone is not a domain. A domain is a branch of the namespace; a zone is a portion of the namespace that can contain multiple domains. While company1 and company2 (shown here) are both domains, they are also zones that contain multiple domains.
Zone files
Zone files contain the resource records for the zone for which the DNS server is authoritative. Typically, zone files are text files, but the zone data can also be stored in the Active Directory database. The alphacorp.local zone file is shown here as an example.

Match each term to the appropriate description.
a. Contiguous portion of the domain namespace
b. Branch of the domain namespace
c. Program used to request information from a DNS server
d. Text file that contains the resource records for a zone
e. Package of information used to resolve name resolution queries

1 Domain
2 Resolver
3 Resource record
4 Zone
5 Zone file

DNS zone types
A zone is a contiguous portion of a namespace. The term contiguous appears repeatedly, and it is an important concept to understand. Things that are contiguous are in actual contact, adjacent or adjoining, so the namespace that makes up a zone must be adjoining; a noncontiguous namespace cannot be a zone. The company1 and company2 zones are both contiguous namespaces. The sales and east subdomains are not contiguous to one another and could not, together, form an independent zone. A DNS server is authoritative over one or more zones, meaning it maintains the database of resource records for the nodes in the zone(s) for which it is responsible.

There are three types of zones you can create using the New Zone Wizard in Windows Server 2003: primary, secondary, and stub. Both primary and stub zones can be Active Directory integrated. A primary zone holds the master copy of the zone database and is replicated to secondary zones. All changes to the zone are made to the primary zone. A DNS server that is authoritative for a particular zone makes its updates to the primary zone. A secondary zone is a read-only copy of the zone database, copied from the master server when the zone is replicated by zone transfer.
This type of zone provides fault tolerance and faster name resolution across the network. A stub zone contains only the resource records needed to identify the authoritative DNS servers for the zone: the SOA record, the NS records, and the A records (glue) for those name servers. It is used to keep a parent zone up to date about the authoritative DNS servers for a child zone, and so holds a small subset of the usual zone data. An Active Directory integrated zone is primary or stub zone data held in and replicated by Active Directory (AD), which gives greater flexibility in replication. A standard primary zone can be managed by only one DNS server, whereas zones that are AD integrated can be managed by multiple servers. A zone transfer is the replication of the zone's resource records. A zone can be stored as a text file or within Active Directory on a Windows 2000/2003 DNS server. Some secondary DNS servers store a zone only in memory and perform a fresh zone transfer whenever they are reinitialized.
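The three zone types side by side, as an added example that is not part of the course or of the Windows DNS server: a small master zone file is parsed, the secondary is shown to be a complete copy, the stub is derived as just the SOA, apex NS and glue A records, and the SOA serial comparison that decides whether a secondary needs a zone transfer is carried through. ZONE_TEXT is constructed for this example (alphacorp.local matches the unit's own example name); the function names are made up here.

```python
"""Zone file -> primary, secondary and stub zone contents (added example).

Not from the course or from the Windows DNS server. Parses a constructed
master zone file and shows what each zone type holds: a secondary is a
complete read-only copy refreshed by zone transfer when the master's SOA
serial is newer; a stub keeps only the SOA, the apex NS records and the glue
A records for name servers inside the zone. Serial comparison uses RFC 1982
arithmetic so a wrapped serial still counts as newer.
"""
from dataclasses import dataclass

ZONE_TEXT = """\
$ORIGIN alphacorp.local.
$TTL 3600
@        IN SOA   ns1.alphacorp.local. hostmaster.alphacorp.local. 2003101501 900 600 86400 3600
@        IN NS    ns1.alphacorp.local.
@        IN NS    ns2.alphacorp.local.
ns1      IN A     192.168.9.10
ns2      IN A     192.168.9.11
xppro1   IN A     192.168.9.6
www      IN CNAME xppro1      ; alias for the XP desktop
"""


@dataclass(frozen=True)
class RR:
    name: str    # fully qualified, with trailing dot
    ttl: int
    rtype: str
    rdata: str


def fqdn(label, origin):
    """'@' is the zone apex; names without a trailing dot are relative to $ORIGIN."""
    if label == "@":
        return origin
    return label if label.endswith(".") else f"{label}.{origin}"


def parse_zone(text, origin=None):
    """Parse 'name [ttl] [IN] type rdata' records; returns (origin, [RR])."""
    rrs, default_ttl = [], 3600
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments
        if not line:
            continue
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN: " + raw)
        name, rest = fqdn(toks[0], origin), toks[1:]
        ttl = int(rest.pop(0)) if rest and rest[0].isdigit() else default_ttl
        if rest and rest[0].upper() == "IN":
            rest.pop(0)
        if len(rest) < 2:
            raise ValueError("malformed record: " + raw)
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype in ("NS", "CNAME"):                # target names are relative too
            rdata = fqdn(rdata, origin)
        rrs.append(RR(name, ttl, rtype, rdata))
    return origin, rrs


def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)


def secondary_zone(rrs):
    """A secondary holds every record, read-only; only a zone transfer changes it."""
    return list(rrs)


def stub_zone(rrs, origin):
    """A stub holds just enough to find the zone's authoritative servers."""
    apex = [r for r in rrs if r.name == origin and r.rtype in ("SOA", "NS")]
    ns_hosts = {r.rdata for r in apex if r.rtype == "NS"}
    glue = [r for r in rrs if r.rtype == "A" and r.name in ns_hosts and in_zone(r.name, origin)]
    return apex + glue


def soa_serial(rrs):
    soa = next(r for r in rrs if r.rtype == "SOA")
    return int(soa.rdata.split()[2])            # MNAME RNAME SERIAL refresh retry expire minimum


def needs_transfer(master_serial, local_serial):
    """RFC 1982: the master is newer if it is ahead by less than half the 32-bit space."""
    diff = (master_serial - local_serial) % 2**32
    return 0 < diff < 2**31


if __name__ == "__main__":
    origin, rrs = parse_zone(ZONE_TEXT)
    print(f"primary {origin}: {len(rrs)} records, serial {soa_serial(rrs)}")
    print(f"secondary copy: {len(secondary_zone(rrs))} records")
    for r in stub_zone(rrs, origin):
        print("  stub:", r.name, r.rtype, r.rdata)
    print("transfer needed after serial bump:", needs_transfer(soa_serial(rrs) + 1, soa_serial(rrs)))
```

The glue filter is the detail to keep in mind: a stub only carries A records for name servers whose names fall inside the zone, because a server outside the zone is resolved through the normal hierarchy rather than from the stub.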