DNS

3.4 Given a scenario, implement IPv4 and IPv6 network services

 Name Resolution

📘CompTIA Network+ (N10-009)

The Domain Name System (DNS) is a core network service used to translate human-friendly domain names into IP addresses that computers can understand. Without DNS, you’d have to remember IP addresses like 192.168.1.10 instead of server.example.com.

1. DNS Basics

  • Purpose: Convert domain names (e.g., example.com) into IP addresses (IPv4 or IPv6) so devices can communicate.
  • How it works: When a client wants to reach a website:
    1. The client asks a DNS server, “What is the IP of server.example.com?”
    2. The DNS server responds with the IP address.
    3. The client uses that IP to connect to the server.

2. DNS Security – DNSSEC

  • DNSSEC (DNS Security Extensions) adds digital signatures to DNS data.
  • Purpose: Prevent DNS spoofing or cache poisoning, where an attacker provides fake IP addresses.
  • Example: If DNSSEC is enabled, the client can verify the response came from a legitimate DNS server.
  • Key points for exam:
    • Not encryption for privacy, just integrity and authenticity.
    • Works with public and private DNS zones.

3. DoH and DoT – Encrypted DNS

  • DoH (DNS over HTTPS):
    • DNS queries are sent over HTTPS.
    • Hides DNS requests from attackers or ISPs.
  • DoT (DNS over TLS):
    • DNS queries are sent over TLS.
    • Encrypts DNS to protect against eavesdropping.

Both improve security but function slightly differently. DoH uses port 443 (HTTPS), DoT uses port 853.

4. DNS Record Types

DNS stores information in records. Important ones for the exam:

RecordPurposeExample
AMaps domain to IPv4 addressserver.example.com → 192.168.1.10
AAAAMaps domain to IPv6 addressserver.example.com → 2001:db8::1
CNAMEAlias for another domainwww.example.com → example.com
MXMail exchange serverexample.com → mail.example.com
TXTText info, SPF, DKIMexample.com → "v=spf1 include:spf.example.com ~all"
NSName server for a domainexample.com → ns1.example.com
PTRReverse DNS lookup192.168.1.10 → server.example.com

Tip: Remember A and AAAA are for forward lookups, PTR is for reverse lookups.

5. Zone Types

A zone is a portion of the DNS namespace that a server manages.

  • Forward Zone:
    • Maps domain names to IP addresses.
    • Example: example.com → 192.168.1.10
  • Reverse Zone:
    • Maps IP addresses back to domain names.
    • Example: 192.168.1.10 → example.com

Forward zones are the most common; reverse zones are used in logging, authentication, and troubleshooting.

6. Authoritative vs Non-Authoritative Responses

  • Authoritative: The DNS server has the original data for the domain.
    • Example: ns1.example.com for example.com.
  • Non-Authoritative: The server doesn’t have the original data, but provides a response from its cache.
    • Example: Your ISP’s DNS cached example.com from a previous lookup.

Tip: Authoritative answers are always trusted; non-authoritative answers are based on cached info.

7. Primary vs Secondary DNS Servers

  • Primary (Master) DNS: Stores the original zone file.
  • Secondary (Slave) DNS: Holds a read-only copy of the zone file from the primary.
  • Purpose:
    • Load balancing
    • Redundancy
    • Backup if the primary fails

8. Recursive vs Iterative Queries

  • Recursive Query:
    • The DNS client asks the server, “Find this IP for me, please.”
    • The server does all the work, contacting other servers if needed, and returns the final answer.
  • Iterative Query:
    • The DNS server provides the best answer it knows.
    • If it doesn’t know, it refers the client to another DNS server.

Example:

  • Recursive: Client asks DNS, DNS finds www.example.com → 192.168.1.10 and returns it.
  • Iterative: DNS says, “I don’t know, ask ns1.example.com.”

Exam Tips for DNS

  1. Remember A = IPv4, AAAA = IPv6, PTR = reverse.
  2. Forward zones → name → IP, Reverse zones → IP → name.
  3. Authoritative = original, non-authoritative = cached.
  4. Primary = master, Secondary = copy.
  5. Recursive queries = DNS does all work, Iterative = client may be referred.
  6. DNSSEC ensures integrity, DoH/DoT ensures privacy/encryption.

This covers all the DNS concepts, records, zones, security, and query types you need to pass the exam, explained in a simple, IT-focused way.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by