WEBVTT

00:00.000 --> 00:02.880
>> Let's talk about
network services.

00:02.880 --> 00:05.040
The three main services
we're going to focus

00:05.040 --> 00:07.695
on in this section
is going to be DNS,

00:07.695 --> 00:09.345
Domain Naming Service,

00:09.345 --> 00:13.035
DHCP, Dynamic Host
Configuration Protocol,

00:13.035 --> 00:14.924
and then the last is IPAM,

00:14.924 --> 00:17.340
which is IP address management.

00:17.340 --> 00:19.140
These are some services that

00:19.140 --> 00:21.510
are important on the network.

00:21.510 --> 00:23.940
Let's start with arguably the

00:23.940 --> 00:25.950
most important service
on the network.

00:25.950 --> 00:27.480
Certainly one of them.

00:27.480 --> 00:29.070
That's DNS.

00:29.070 --> 00:32.175
We really have to appreciate
what DNS does for us.

00:32.175 --> 00:34.020
Because you and I
are good with names,

00:34.020 --> 00:36.525
but we're not good
with IP addresses.

00:36.525 --> 00:38.640
I'm going to assume
that's the case.

00:38.640 --> 00:41.560
Most of us appreciate
a user-friendly name.

00:41.560 --> 00:44.075
I know how to go to amazon.com.

00:44.075 --> 00:46.415
I've no clue what
the IP address is,

00:46.415 --> 00:48.080
but we have to remember when

00:48.080 --> 00:50.135
hosts are making a
network connection,

00:50.135 --> 00:52.850
one of the things they
need is an IP address.

00:52.850 --> 00:56.215
That's a layer 3 resolution
that has to happen.

00:56.215 --> 00:58.615
It's DNS that we go to.

00:58.615 --> 01:00.650
Our clients are
configured to know who

01:00.650 --> 01:03.245
their local DNS server is.

01:03.245 --> 01:05.000
When there's any sort of

01:05.000 --> 01:06.950
naming that's used
for a connection,

01:06.950 --> 01:10.685
the client immediately queries
their local DNS server.

01:10.685 --> 01:13.010
As long as that local DNS server

01:13.010 --> 01:14.630
has the information stored,

01:14.630 --> 01:16.970
then it responds
with an IP address.

01:16.970 --> 01:20.030
The client is then able
to add that layer in

01:20.030 --> 01:21.740
the layer 3 packet header

01:21.740 --> 01:23.750
and we can make that connection.

01:23.750 --> 01:26.000
That's assuming the
local DNS server

01:26.000 --> 01:27.590
has that information.

01:27.590 --> 01:29.780
In a minute, we'll
discuss what happens if

01:29.780 --> 01:33.005
the local DNS server does
not have that information.

01:33.005 --> 01:35.750
At any rate, DNS
is the information

01:35.750 --> 01:37.579
stored in a database.

01:37.579 --> 01:40.190
Today is a dynamic database

01:40.190 --> 01:42.529
where hosts are
able to update DNS,

01:42.529 --> 01:44.780
perhaps if their
name or IP address

01:44.780 --> 01:47.770
changes as new hosts
come on to the network.

01:47.770 --> 01:50.885
They're also able
to register with DNS.

01:50.885 --> 01:54.545
DNS is a lot easier to manage
than it was years ago.

01:54.545 --> 01:56.960
As a matter of fact,
many years ago,

01:56.960 --> 01:59.090
we used to have a
static text file on

01:59.090 --> 02:01.610
client systems called
the hosts file.

02:01.610 --> 02:04.190
That host file would be
manually updated with

02:04.190 --> 02:07.240
a user-friendly name
and IP address.

02:07.240 --> 02:10.310
DNS came along offering
an automatic database.

02:10.310 --> 02:14.300
As DNS evolved, allowing
hosts to register dynamically,

02:14.300 --> 02:17.255
which is much easier
than it used to be.

02:17.255 --> 02:19.340
But it's really a clerical service

02:19.340 --> 02:21.395
and everything is
based on the database.

02:21.395 --> 02:24.990
The database contains
a series of records.

02:26.350 --> 02:29.405
I would definitely know
these record types.

02:29.405 --> 02:31.955
They come up multiple
times on the exam.

02:31.955 --> 02:34.520
The idea is that for
specific queries,

02:34.520 --> 02:36.410
specific records are used.

02:36.410 --> 02:38.690
The one we think of most
often when thinking

02:38.690 --> 02:41.030
of DNS is an A record,

02:41.030 --> 02:45.420
also known as a host record.
Either name is fine.

02:45.420 --> 02:47.570
This is the record that takes

02:47.570 --> 02:51.395
a known FQDN and
resolves an IP address.

02:51.395 --> 02:53.780
We connect to
amazon.com and we get

02:53.780 --> 02:56.510
an IP address that matches
the server's name.

02:56.510 --> 02:58.595
We can do that for local usage,

02:58.595 --> 03:01.655
or as long as we're configured
to use internet servers,

03:01.655 --> 03:03.980
we can get name
resolution and connect

03:03.980 --> 03:06.170
to any server by
name in the world as

03:06.170 --> 03:08.630
long as we have DNS
configured properly and

03:08.630 --> 03:10.160
there are no issues
with the server

03:10.160 --> 03:11.664
to which we connect.

03:11.664 --> 03:14.860
Name resolution
is very important.

03:14.860 --> 03:17.630
It's the host record
we think about most

03:17.630 --> 03:19.970
of the time that can be
called the A record.

03:19.970 --> 03:22.700
There's also a quad A
record that's designed

03:22.700 --> 03:26.440
for IPv6 to FQDN resolution.

03:26.440 --> 03:29.180
The PTR record, Pointer record

03:29.180 --> 03:31.900
is actually the opposite
of a host record,

03:31.900 --> 03:35.095
what it's going to do is
if you have an IP address,

03:35.095 --> 03:37.640
it will find the fully
qualified domain name.

03:37.640 --> 03:40.030
If you think, when
am I going to find

03:40.030 --> 03:43.180
the IP address and not know
the name of the server?

03:43.180 --> 03:44.440
This is something that's used by

03:44.440 --> 03:46.205
a lot of tools on the network.

03:46.205 --> 03:49.885
It's also used if you have
anti-malware software.

03:49.885 --> 03:51.610
You may get a
notice that there's

03:51.610 --> 03:53.350
a specific domain or host that

03:53.350 --> 03:54.774
is scanning your system.

03:54.774 --> 03:56.800
That requires
pointer resolutions

03:56.800 --> 03:58.689
or reverse resolutions.

03:58.689 --> 04:00.610
As a matter of
fact, they call

04:00.610 --> 04:02.485
the zone a reverse lookup zone.

04:02.485 --> 04:04.570
Whereas when you're
using a host record,

04:04.570 --> 04:06.755
that's a forward lookup.

04:06.755 --> 04:09.060
There's a handful of others.

04:09.060 --> 04:11.420
Start of Authority, SOA,

04:11.420 --> 04:14.845
is the name server that's
authoritative for the zone.

04:14.845 --> 04:16.630
Your SOA is usually

04:16.630 --> 04:18.070
the first DNS server that

04:18.070 --> 04:20.530
has name resolution
for that zone.

04:20.530 --> 04:24.040
You may have other
name servers for redundancy.

04:24.040 --> 04:26.230
That's what the NS
records are for.

04:26.230 --> 04:28.705
The SRV or Service records

04:28.705 --> 04:30.100
are really important
because they

04:30.100 --> 04:31.990
list the critical
network services

04:31.990 --> 04:34.074
and their IP addresses.

04:34.074 --> 04:36.880
For instance, if your
host needs to know where

04:36.880 --> 04:39.995
a domain controller
is, it asks DNS.

04:39.995 --> 04:44.395
DNS uses the service record
and says an LDAP server,

04:44.395 --> 04:46.285
here's the IP address for it.

04:46.285 --> 04:49.120
For our Kerberos Key
Distribution agent server

04:49.120 --> 04:52.190
or a global catalog
server or mail server.

04:52.190 --> 04:53.780
The service records have

04:53.780 --> 04:56.240
all the services and which
servers are running them.

04:56.240 --> 04:58.220
There's also a record
type called the

04:58.220 --> 05:01.445
CNAME or an alias record.

05:01.445 --> 05:03.200
If you want clients
to connect to

05:03.200 --> 05:04.760
a specific host and maybe

05:04.760 --> 05:06.815
have a more professional
name for the host.

05:06.815 --> 05:08.600
But on the back-end,
you want to name

05:08.600 --> 05:10.430
it after some Star
Trek character,

05:10.430 --> 05:13.310
which invariably most of us
in IT would want to have

05:13.310 --> 05:14.360
our servers named after

05:14.360 --> 05:16.985
Star Trek characters
rather than www.

05:16.985 --> 05:19.370
How boring is that? Well,

05:19.370 --> 05:21.080
we know that our web
browsers are going to

05:21.080 --> 05:23.555
connect to a server, www.

05:23.555 --> 05:25.490
We create an alias record

05:25.490 --> 05:27.950
that says when
they type out www,

05:27.950 --> 05:29.809
send them to server Picard

05:29.809 --> 05:31.775
or whoever your
favorite character is.

05:31.775 --> 05:33.500
I don't want to go
down the nerd trail,

05:33.500 --> 05:34.850
but I prefer to name mine after

05:34.850 --> 05:36.424
Harry Potter characters.

05:36.424 --> 05:39.530
No server named after
he who must not be named,

05:39.530 --> 05:40.700
hopefully not going to bring

05:40.700 --> 05:41.900
the Voldemort server onto

05:41.900 --> 05:44.215
the network. That
doesn't bode well.

05:44.215 --> 05:47.720
Finally, the last record
type is the mail server.

05:47.720 --> 05:48.950
An MX record that will

05:48.950 --> 05:51.460
indicate where the
mail servers are.

05:51.460 --> 05:55.145
These records are really
the heart and soul of DNS.

05:55.145 --> 05:56.840
These are the records
that are used

05:56.840 --> 06:00.275
anytime you make a query
to the DNS server.

06:00.275 --> 06:02.870
The way DNS works is,

06:02.870 --> 06:04.100
let's say that I'm trying to get

06:04.100 --> 06:05.660
to google.com or something

06:05.660 --> 06:08.900
that basic or the web
server for google.com.

06:08.900 --> 06:11.870
Even though we don't
type out www anymore,

06:11.870 --> 06:14.210
that's understood
within the web browser.

06:14.210 --> 06:15.920
I, as a client, type out,

06:15.920 --> 06:18.335
www.google.com,

06:18.335 --> 06:21.635
and I send a DNS query
to my local DNS server.

06:21.635 --> 06:23.975
It's called the DNS resolver.

06:23.975 --> 06:26.675
Now because the
google.com domain

06:26.675 --> 06:29.435
isn't managed by my
local DNS server,

06:29.435 --> 06:31.430
my DNS server sends out some

06:31.430 --> 06:32.870
queries to try to
learn where the

06:32.870 --> 06:34.509
server is looking for.

06:34.509 --> 06:37.130
The first thing
my local DNS server

06:37.130 --> 06:38.480
does is it goes out to

06:38.480 --> 06:40.310
the internet and
contacts a root server.

06:40.310 --> 06:43.850
There are multiple root
servers out on the Internet.

06:43.850 --> 06:47.210
This is like the ultimate
point of origin for DNS.

06:47.210 --> 06:49.475
The DNS resolver
says, "Hey, root,

06:49.475 --> 06:53.350
do you happen to know
where www.google.com is?"

06:53.350 --> 06:55.560
The root says,
"Nope, but I do know

06:55.560 --> 06:57.660
where the .com server is."

06:57.660 --> 06:59.900
My local DNS server then goes to

06:59.900 --> 07:03.320
the top-level domain name
server, .com in this case,

07:03.320 --> 07:07.840
and says, "Hey, do you know
where www.google.com is?"

07:07.840 --> 07:09.750
The com server comes
back and says,

07:09.750 --> 07:12.890
"Nope, but I do know where
the Google name server is."

07:12.890 --> 07:15.770
My DNS server then sends a
query to Google and says,

07:15.770 --> 07:18.800
"Do you know where
www.google.com is?"

07:18.800 --> 07:21.055
Google says, "Yes, I do.

07:21.055 --> 07:23.790
Here's the IP address
for our web server."

07:23.790 --> 07:26.585
That's passed back to
my local DNS server,

07:26.585 --> 07:27.800
who was the resolver,

07:27.800 --> 07:29.990
who then passes it back
to me as the client.

07:29.990 --> 07:34.300
Now, I'm able to connect to
Google's web server by IP.

07:34.300 --> 07:37.110
Now, there are other
ways to expedite this.

07:37.110 --> 07:38.550
There's cache and there are

07:38.550 --> 07:40.295
some other things
you can configure.

07:40.295 --> 07:41.630
But in and of itself,

07:41.630 --> 07:43.250
this is the hierarchy that

07:43.250 --> 07:46.115
DNS uses to provide
name resolution.

07:46.115 --> 07:48.980
Don't forget, DNS
is really critical

07:48.980 --> 07:51.830
on the network because in
addition to name resolution,

07:51.830 --> 07:54.140
it also tracks critical services

07:54.140 --> 07:55.910
where your mail servers are.

07:55.910 --> 07:58.535
It's needed for
troubleshooting utilities.

07:58.535 --> 08:00.860
DNS is really important.

08:00.860 --> 08:03.350
It's a hierarchical
database starting out at

08:03.350 --> 08:07.350
the root with the top levels
and then secondary levels.

