10 Network
Thursday, May 4, 2017 1:12 PM
From <https://hub.totalsem.com/content/2257#path=2257,2442,2443>
For example, we know the names in the contact list on our phone, but we don't necessarily know people's phone numbers. It is easier to just remember people's names.
This web browser (purple) wants to talk to this web server (green), and the only thing associated with this web server is an IP address. So you can go into your web browser and type in http://192.168.1.1 (or whatever the IP address is) and a web page will pull up. That's a bad way to do things because as humans we're not good at remembering IP addresses (or telephone numbers!). So we want a "contact list system" for every server on the internet.
That "contact list system" is the Domain Name System (DNS).
DNS' only job is to resolve IP addresses from Fully Qualified Domain Names (FQDNs). It finds out what the IP addresses are for the FQDNs and hands them to your computer so it can then work.
Network+ Page 1
Example of an FQDN: www.totalsem.com
www.totalsem.com = HOST.SECONDARY.TOP-LEVEL-DOMAIN
This is the web server for Mike's company.
There are a number of top-level domain names: .com, .org, .gov
The reason we use www is purely convention. He could easily call it timmy.totalsem.com, but people wouldn't expect it.
If you had an FTP server you would use ftp.totalsem.com
If it was a mail server people would expect to use mail.totalsem.com
The "totalsem" part is the secondary domain.
The total length of an FQDN cannot be more than 256 characters.
Web browser (purple)
Web server (green)
I need to get that IP address to my web browser for it to be able to open the web page. To do that,
we use DNS.
The secret to DNS is DNS servers.
Here is an authoritative server for the dell.com domain:
So www.dell.com is this IP address (the record reads "www 68.109.30.145")
If we can get something to query this DNS server, it has the info we need and is ready to give it to us.
Your computer never directly queries that authoritative DNS server. Instead, we have our own DNS server.
DNS servers respond to DNS queries, and they also send DNS queries of their own.
Built into your computer are DNS server settings. If you type ipconfig /all it will show the DNS server information.
These settings can be obtained through DHCP or you can type them in statically. However you get them, your computer has some association with this DNS server.
My DNS servers:
These are Google's DNS servers for IPv4:
8.8.8.8
8.8.4.4
Google Public DNS is a free alternative Domain Name System (DNS) service that is offered to
Internet users around the world. The public DNS service and servers that are offered are
maintained and owned by Google. It functions as a recursive name server providing domain
name resolution for any host on the Internet. The service was announced on 3 December
2009,[1] in an effort described as "making the web faster and more secure".[2][3] As of 2014,
Google Public DNS is the largest public DNS service in the world, handling 400 billion
requests per day.[4]
Google Public DNS operates recursive name servers for public use at the two following IP
addresses:[5] 8.8.8.8 and 8.8.4.4 for IPv4 service, as well as 2001:4860:4860::8888 and
2001:4860:4860::8844, for IPv6 access.[6] The addresses are mapped to the nearest
operational server by anycast routing.[7]
From <https://en.wikipedia.org/wiki/Google_Public_DNS>
Why should I use 8.8.8.8?
Actually, it is the DNS server of Google, which means that Google provides the DNS
and maintenance of this service, which means it is "more reliable" than some
other DNS servers due to the fact that it is maintained by one of the biggest IT
companies in the world.
Also, according to Wikipedia, Google DNS provides some security functions that
other DNS servers don't have:
The service does not use third party DNS management software such as BIND,
instead relying on a custom-built implementation, with limited IPv6 support,
conforming to the DNS standards set forth by the IETF. It also only partially
supports the DNSSEC protocol.
Some popular DNS providers practice a form of DNS hijacking while processing
queries, causing web browsers to redirect to an advertisement site run by the
provider when a nonexistent domain name is entered, explicitly breaking the DNS
specification. In contrast, Google's service correctly replies with an NXDOMAIN
code in this situation, and as a result, many users are now using the service for this
reason alone.
From <https://superuser.com/questions/424316/why-should-i-use-dns-8-8-8-8>
Your computer sends a query to the DNS server "What is the IP address for www.dell.com?"
The first thing your DNS server does is put you on hold: "One moment please"
You can often see this at the bottom of your web browser if it says "Waiting for www.dell.com" ‐
you're actually waiting for this DNS resolution process to take place.
Your computer has built into it the DNS settings for your local DNS server. However, your DNS
server has built into it the Root Hints.
The Root Hints are built into most DNS servers that are designed to resolve names. There are 13 IP addresses that pretty much never change, and these are called the Root DNS Servers. They are all over the world. Depending on how your DNS server is set up, it will go either randomly or round-robin to one of these IP addresses, the root servers.
We identify the root servers as just a little dot:
The root server's job is not to get you to dell.com. It responds back and says, "I can get you to the closest .com server."
Then we have many, many hundreds of these types of DNS servers. Their job is to be the main DNS servers for .com, .gov, .mil, .edu, or whatever it might be.
Once your DNS server has this information, it goes to the .com servers and asks, "What is the IP address for dell.com?"
The .com server sends the info over to your DNS server.
So now your DNS server has the IP address of the DNS server for dell.com.
Once your server has that IP address, it can talk to that DNS server directly and ask it for www.dell.com.
Stored in your computer is a DNS cache.
Computers and DNS servers cache IP address info for a time to enable faster resolution. Your computer will store the IP address for www.dell.com for a while in case it might need it again. The DNS server also caches it, so if another computer wanted to talk to www.dell.com we wouldn't have to go through all this DNS resolution.
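The walk just described (root hints, the .com referral, dell.com's own DNS server, then the cache) modelled in Python as an added example; this is not code from the course. The three servers, their 192.0.2.x addresses and the root hints are constructed stand-ins, and 68.109.30.145 is the address the notes show for www.dell.com.

```python
# Added example: an in-memory model of the iterative resolution walk.
# No packets are sent; the 'servers' are constructed dictionaries.

# Root hints: the only addresses a resolver knows before it knows anything.
ROOT_HINTS = ["192.0.2.1", "192.0.2.2"]          # constructed placeholders

# Each server answers for the zones it knows. A referral hands back the
# addresses of the next servers to ask; an answer is the final A record.
SERVERS = {
    "192.0.2.1":  {"com.": ("referral", ["192.0.2.10"])},          # root
    "192.0.2.2":  {"com.": ("referral", ["192.0.2.10"])},          # root
    "192.0.2.10": {"dell.com.": ("referral", ["192.0.2.20"])},     # .com TLD
    "192.0.2.20": {"www.dell.com.": ("answer", "68.109.30.145")},  # dell.com
}


class LocalDnsServer:
    """The 'your own DNS server' box from the notes: walks root -> TLD ->
    authoritative and caches the answer for `ttl` seconds."""

    def __init__(self, root_hints, servers, ttl=300):
        self.root_hints = root_hints
        self.servers = servers
        self.ttl = ttl
        self.cache = {}        # qname -> (ip, expires_at)
        self.queries_sent = 0  # upstream questions asked so far
        self._root_rr = 0      # round-robin position over the root hints

    @staticmethod
    def _normalize(name):
        return name.strip().lower().rstrip(".") + "."

    def _ask(self, server_ip, qname):
        """One question to one server. The server replies for the longest
        zone suffix it knows, or NXDOMAIN if it knows nothing useful."""
        self.queries_sent += 1
        table = self.servers.get(server_ip, {})
        for zone in sorted(table, key=len, reverse=True):
            if qname == zone or qname.endswith("." + zone):
                return table[zone]
        return ("nxdomain", None)

    def resolve(self, name, now=0):
        """Return the IPv4 address for `name`, or None if it does not exist.
        `now` is a clock value so cache expiry can be shown offline."""
        qname = self._normalize(name)
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return cached[0]           # cache hit: no trip to the root at all
        # Pick a root server round-robin (one of the two behaviours the
        # notes mention), then follow referrals down the tree.
        root = self.root_hints[self._root_rr % len(self.root_hints)]
        self._root_rr += 1
        candidates = [root]
        for _ in range(8):             # referral depth limit: guards against loops
            kind, payload = self._ask(candidates[0], qname)
            if kind == "answer":
                self.cache[qname] = (payload, now + self.ttl)
                return payload
            if kind == "referral":
                candidates = payload
                continue
            return None                # NXDOMAIN: the name does not exist
        return None


if __name__ == "__main__":
    dns = LocalDnsServer(ROOT_HINTS, SERVERS)
    print(dns.resolve("www.dell.com"), "after", dns.queries_sent, "queries")
    print(dns.resolve("www.dell.com"), "after", dns.queries_sent, "queries (cached)")
```

The first lookup costs three upstream questions (root, .com, dell.com); the repeat is answered from cache until the TTL passes.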
Our main job is making sure that our computers have DNS server addresses that they can get to. That's a big issue. DNS servers go down all the time. So one thing we can do on our individual computers is set a really popular DNS server address, like Google's 8.8.8.8. This is a super powerful DNS server that works for just about anybody. You can type that into your individual computer and it is often faster than your own ISP's DNS server.
Keep in mind that you may have your own in-house DNS server. If you replace it with Google's, your own DNS server can no longer help you resolve names for local computers within your network, and that would be bad.
2. The Domain Name System (DNS), Pt. 2
In this episode, Mike concludes his overview of DNS, covering everything from forward lookup
zones to AAAA records.
From <https://hub.totalsem.com/content/2257#path=2257,2442,2444>
There are many DNS servers out there. UNIX and Linux systems usually use BIND for DNS serving.
It is powerful but not fun to look at. Mostly setting up text files.
Windows Server comes with a DNS server. It's a GUI.
If you have 1 domain (i.e. totalsem.com) you don't have to have just 1 DNS server. If that 1 DNS
server goes down, no one will be able to get to anything on totalsem.com
Usually we have a primary DNS and a secondary DNS so if one goes down the other can take over.
You can have 1 DNS server for a whole lot of domains (i.e. totalsem.com, cheese.org, etc.). It can handle that. Let's take a look at how DNS servers are set up:
Windows DNS Manager on Windows Server 2012:
First, create a Forward Lookup Zone. These are what we use to resolve IP addresses from FQDNs.
Process for creating a new forward lookup zone:
1. Right click on Forward Lookup Zone
2. New Zone
3. Next
4. Primary Zone: means I'm starting a whole new domain.
Secondary Zone: means I've already got a primary DNS server and I'm just setting up this DNS
server to be a backup.
5. Give it a name (the reason to use .local as the top-level domain is that this particular domain is not going to be on the internet; it's just going to be used in house. So there's no reason to call it something like fred.com, and you don't have to go through the process of registering your domain name with an internet authority, usually your ISP).
6. Hit Next at "Create a new file with this file name: fred.local.dns"
7. Here is how you handle dynamic updates. Keep in mind that people would love to get into a DNS server, so there is a choice between secure and nonsecure updates. He is going to allow both.
8. Hit Finish
9. This folder shows that he has now created a Forward Lookup Zone
There are 2 different types of records you will see in this folder.
1. Start of Authority (SOA): which DNS server is the primary, authoritative name server for this particular domain. He named the computer 2012server; it is also the SOA.
2. Name Server (NS): the primary is also a name server (2012server), but if I set up a bunch of secondaries, they'd be showing up (in DNS Manager > Forward Lookup Zones > fred.local) as well. The 2012server is the SOA and the NS.
There's only going to be one SOA record per forward lookup zone, but you can have lots of different Name Servers depending on how much backup you want.
• Hostmaster = the email address of the human being who is in charge of the SOA in case there are problems.
• Serial number [1] = an incrementer. Any time there is a change it will increase to the next number. If I have secondary servers they will query this and see if the number has changed. If it has, they will update their own records.
He right clicked in the area below the SOA and NS.
The most important record of all is the Host record. "New Host (A or AAAA)…"
He created a New Host for a file server he has (named it server1 and typed in its IP address):
Add Host
Hit Done
Look at the DNS Manager and see the A record. This is the heavy lifter of DNS.
Now he set it up so if anyone queries this DNS server and they want the IP address for
www.fred.local they can get it (there's the record for them).
The other type of record is AAAA. This is just your regular host record also, but it's for IPv6
addresses.
So we've seen SOA records, Name Server records, A records, AAAA records.
Here are a few more records that he added and I need to know for the test:
Alias (CNAME) = Canonical Name record. For aliases. If people expect a server to have a certain
name that we might not be using, you can use a CNAME record.
For example, he has a Host (A) record for server1. But people expect it to be called fileserver. So if
someone types in fileserver.fred.local it will go to server1.fred.local
Mail Exchange (MX) = we use DNS to deliver mail. If there is a mail service associated to fred.local
he has to have at least 1 MX record so as mail is being delivered it knows where to find the mail
server.
For example, the MX record goes to mail.fred.local
As for other email servers: if they don't see an MX record they will look for an A record to deliver the mail. Always try to put in an MX record.
The last one is a system resource: the _tcp folder
In the folder is a SRV record. He has an SRV record for an FTP server that points to ftp.fred.local
So if there's any type of service where people are trying to find out where it is located you can use
SRV (Service Location) records. These are actually fairly uncommon.
Mail gets its own special listing in DNS.
Your computer goes to Root Hints to get to the absolute top of DNS.
In summary (my words):
• We created a Forward Lookup Zone to resolve names in fred.local to IP addresses
• The Start of Authority (the authoritative Name Server for the domain) is 2012server
• Name Server (NS) is also 2012server
• "A" record is server1.fred.local (FQDN) with an IP address of 202.13.214.23. This is for a file server he has.
• "AAAA" record is server1ipv6.fred.local (FQDN) with an IP address of 2001::213:123:c23a:0001.
• CNAME (Alias) is fileserver, which takes you to server1.fred.local
• MX record is mail.fred.local
• SRV record is for an FTP server that points to ftp.fred.local
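The fred.local zone from this summary, modelled in Python as an added example (not code from the course or from Windows DNS): it stores the SOA, NS, A, AAAA, CNAME, MX and SRV records above and performs the lookups a resolver does on them, including CNAME chasing, the MX-then-A fallback mail servers use, and the SOA serial bump secondaries watch for. The 192.0.2.x addresses for the DNS, mail and FTP hosts are constructed; the other values are the notes' own.

```python
# Added example: the fred.local zone from the summary as a small record
# store with the lookups a resolver performs on it. Not the course's code.
import ipaddress
from collections import defaultdict


class Zone:
    def __init__(self, origin, primary_ns, hostmaster, serial=1):
        self.origin = origin.lower().rstrip(".")
        # SOA: who is authoritative, whom to email, and the serial that
        # secondaries compare to decide whether to pull an update.
        self.soa = {"mname": self._fqdn(primary_ns), "rname": hostmaster,
                    "serial": serial}
        self.records = defaultdict(list)   # (fqdn, type) -> [rdata, ...]
        self.add("@", "NS", primary_ns)     # the primary is also an NS

    def _fqdn(self, name):
        name = name.lower().rstrip(".")
        if name in ("@", self.origin):
            return self.origin
        return name if name.endswith("." + self.origin) else f"{name}.{self.origin}"

    def add(self, name, rtype, rdata):
        """Add a record, validating rdata by type; every change bumps the
        SOA serial so secondaries notice it."""
        rtype = rtype.upper()
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rdata)        # rejects malformed addresses
            if ip.version != (4 if rtype == "A" else 6):
                raise ValueError(f"{rdata} is not valid for an {rtype} record")
            rdata = str(ip)
        elif rtype in ("CNAME", "NS"):
            rdata = self._fqdn(rdata)
        elif rtype == "MX":                          # (preference, mail host)
            rdata = (int(rdata[0]), self._fqdn(rdata[1]))
        elif rtype == "SRV":                         # (priority, weight, port, target)
            rdata = (int(rdata[0]), int(rdata[1]), int(rdata[2]), self._fqdn(rdata[3]))
        self.records[(self._fqdn(name), rtype)].append(rdata)
        self.soa["serial"] += 1

    def lookup(self, name, rtype, _depth=0):
        """Return rdata for name/type, following a CNAME alias the way a
        resolver does, with a depth limit so an alias loop cannot hang us."""
        fq, rtype = self._fqdn(name), rtype.upper()
        if (fq, rtype) in self.records:
            return list(self.records[(fq, rtype)])
        alias = self.records.get((fq, "CNAME"))
        if alias and rtype != "CNAME" and _depth < 8:
            return self.lookup(alias[0], rtype, _depth + 1)
        return []

    def mail_servers(self):
        """Where mail for the zone goes: MX targets in preference order, else
        the fallback some mail servers use, the zone's own A record."""
        mx = self.records.get((self.origin, "MX"))
        if mx:
            return [host for _, host in sorted(mx)]
        return [self.origin] if (self.origin, "A") in self.records else []

    def service(self, service, proto="tcp"):
        """SRV (service location) lookup: _service._proto.<origin>."""
        return self.lookup(f"_{service}._{proto}", "SRV")


def build_fred_local():
    """The records from the summary; 192.0.2.x addresses are constructed."""
    z = Zone("fred.local", "2012server", "hostmaster@fred.local")
    z.add("2012server", "A", "192.0.2.53")      # constructed: the DNS server itself
    z.add("server1", "A", "202.13.214.23")      # the file server
    z.add("server1ipv6", "AAAA", "2001::213:123:c23a:0001")
    z.add("fileserver", "CNAME", "server1")     # the alias people expect
    z.add("mail", "A", "192.0.2.25")            # constructed address
    z.add("@", "MX", (10, "mail"))              # mail for fred.local -> mail.fred.local
    z.add("ftp", "A", "192.0.2.21")             # constructed address
    z.add("_ftp._tcp", "SRV", (0, 0, 21, "ftp"))
    return z
```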
From <https://hub.totalsem.com/content/2257#path=2257,2442,2445>
There was a time when the internet was not run by DNS. Instead of DNS they had a HOSTS file. It's just a
text file. It was a listing of a bunch of names and their associated IP addresses.
DNS completely supplanted the HOSTS file as a concept. But the HOSTS file still exists! It's in every
computer that runs TCP/IP.
The HOSTS file will take precedence over DNS!
In Windows it is located under Windows\System32\Drivers\etc
Double click to open it.
The pound signs mean the line is a comment.
After all the comments, you can put in an IP address and a name to essentially create a shortcut to another computer!
(in this example 202.13.212.145 fred) -- he can type in fred and get to that machine
To play a little joke on someone:
1. Cmd > ping www.barney.com > he now has the IP address for www.barney.com (annoying
website)
2. Put this IP address in the HOSTS file and pick a website they go to a lot
3.
4. Reboot the computer
5. Now whenever they go to www.totalsem.com it will take them to this IP address (to
www.barney.com ) instead!
www.barney.com = 184.25.204.34
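The HOSTS file format above, handled from the defender's side, as an added Python example (not code from the course): a parser for the file, the HOSTS-before-DNS precedence the notes describe, and a check that flags entries which pin an internet name to a routable address, which is exactly what the joke relies on and what you would want to spot on a machine that "can't reach" a site. The sample file and the stand-in DNS table are constructed from the notes' own values.

```python
# Added example: parse the HOSTS file format, show that it wins over DNS, and
# flag entries that pin a public name to an address. Not the course's code.
import ipaddress

# Constructed sample file built from the notes' own entries.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file. Lines starting with a pound sign are comments.
# 127.0.0.1       localhost
# ::1             localhost

202.13.212.145    fred                # shortcut: 'ping fred' reaches that machine
184.25.204.34     www.totalsem.com    # public name pinned to www.barney.com's address
"""

# Suffixes that name local machines; a name ending in one of these is not
# something DNS on the internet would resolve anyway.
LOCAL_SUFFIXES = ("localhost", "local", "lan", "home", "internal")


def parse_hosts(text):
    """Return [(line_no, ip, [names...])], skipping comments and malformed
    lines the same way Windows ignores them."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # everything after '#' is a comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # first field must be an address
        names = [n.lower() for n in parts[1:]]
        if names:
            entries.append((line_no, str(ip), names))
    return entries


def resolve(name, hosts_text, dns_table):
    """Name resolution order from the notes: HOSTS first, then DNS.
    `dns_table` stands in for the DNS server (a constructed dict)."""
    name = name.lower().rstrip(".")
    for _, ip, names in parse_hosts(hosts_text):
        if name in names:
            return ip, "hosts"
    ip = dns_table.get(name)
    return (ip, "dns") if ip else (None, None)


def audit(hosts_text):
    """Flag entries that pin an internet name to a routable address: for those
    names DNS is silently bypassed, so the user lands wherever the file says."""
    findings = []
    for line_no, ip, names in parse_hosts(hosts_text):
        addr = ipaddress.ip_address(ip)
        for n in names:
            internet_name = "." in n and n.rsplit(".", 1)[1] not in LOCAL_SUFFIXES
            if internet_name and addr.is_global:
                findings.append((line_no, n, ip))
    return findings


if __name__ == "__main__":
    fake_dns = {"www.totalsem.com": "203.0.113.10"}   # constructed stand-in for DNS
    print(resolve("www.totalsem.com", SAMPLE_HOSTS, fake_dns))
    print(audit(SAMPLE_HOSTS))
```

Entries that map a name to 127.0.0.1 or 0.0.0.0 (the common ad-blocking pattern) are not flagged, since those addresses are not routable.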
4. Net Command
In this episode, Mike explores the venerable and still very useful net command to show things such as
user names, shared network resources, mapping network drives, and more.
From <https://hub.totalsem.com/content/2257#path=2257,2442,2446>
If you want to know what's happening on your network from the command line, one of your best tools is
the net command.
It pre‐dates Windows! It's old. It's been updated and improved and is on Windows 10.
Two commands:
Cmd > net
Cmd > net view
Running net view lets you see what computers your computer can see in its workgroup.
Cmd > net user
Tells you who you are on the network. i.e. he's on the computer STUDIO, his account is called michaelm,
his account is an Administrator
Cmd > net view \\win10desktopvm
Lets you see the actual shares on that system. 2 folders shared on there: ShareMe and Users
Cmd > net use
We can map the drive using net use. We will assign a drive letter to that shared folder.
Net use w: \\win10desktopvm\shareme
The command completed successfully.
This mapped the shareme folder as the W: drive.
The share name is not case sensitive.
You can use the net command to access a shared resource.
You can also share a resource on the local machine.
Cmd > Net share Dante=C:\Users\michaelm\Desktop\Dante
Anybody else can get to it in their Network folder or in the cmd line net use
Cmd > net accounts
Gives you a handy way to know what types of settings you have for all of your accounts.
Cmd > net start
Your machine has a bunch of network baked services
Normally, you will run services.msc if you want to start and stop services
However, you can do some things through net start
He turned off the WWW publishing service by running cmd > net stop "World Wide Web Publishing
Service"
The net view command is the primary use of the net command.
From <https://hub.totalsem.com/content/2257#path=2257,2442,3775>
A Windows system will do name resolution in a very specific order:
1. If it's a member of a domain, it will go to its domain controller which will also be its DNS server
and everything is done through DNS.
2. If you're not on a domain, you would traditionally use NetBIOS (ports 137, 138, 139) to handle your name resolution. However, starting around Windows Vista a new protocol came around: Link-Local Multicast Name Resolution (LLMNR).
It runs on UDP port 5355. Basically, it is a vastly improved name resolving service, much better than NetBIOS. So if you're not on a domain, name resolution really depends on what version of Windows you are running. On Windows 10 Professional it uses NetBIOS and LLMNR simultaneously: whichever answer it can grab, it uses for name resolution. In Windows Home it just uses LLMNR. We need a tool that shows the state of things right now: nbtstat
nbtstat does not play well with LLMNR unfortunately.
How nbtstat works:
He has a setup of a desktop (studio) and a laptop (student PC) plugged into a switch and his home
router is the DHCP server. Running on Workgroup.
Command prompt > nbtstat (brings up help)
Nbtstat -n
Tells you the workgroup, name, and functionality
Workgroup: WORKGROUP
Name: STUDIO (one entry says he's a workstation, so he can read other people's shared folders)
Name: STUDIO (one entry says he's a server, so he can share folders up on the network)
The last 3 values are used by the browser managers. __MSBROWSE__ means that this guy is the browser manager.
How does he know about other computers on the network? The computer has a cache built into it. To see that cache, type in nbtstat -c
The 2 biggest tools to use with nbtstat are:
Nbtstat -n: to make sure the names you think this computer has are actually showing up in the listing. Also making sure some type of transaction goes on with another machine to make sure it works.
When an error happens you know to start looking at things like: do I have a firewall in here? Do I have a discovery protocol not turned on? Did I forget to turn on IPv4 and I'm just using IPv6? There are a lot of things that can happen. Nbtstat's job is to let you know that there is a problem; you'll have to dig for yourself to find it and the resolution.
Nbtstat -a
Tells it to go to another computer with the -a switch, and it shows you the registered information for the other computer.
We see from this output that this computer is on the WORKGROUP, it is on the list twice (once to
let us know it is a workstation, once to let us know that it is a server).
The server service is a service so you actually have to make sure it is turned on or off.
Nbtstat -r
Statistics in terms of what it's been doing lately.
There's a lot here because he's been talking to this computer for a while. There's also gibberish.
NetBIOS was originally designed for names of at most 15 characters, all uppercase, no spaces, no special characters. Today's Windows systems don't worry about that anymore, and since nbtstat has never been updated it can't read them.
You see Resolved by Broadcast and Resolved by Name Server (WINS, not DNS). So only worry about things resolved by Broadcast and never by Name Server.
Other thing you can do is clear the cache:
You can do this through the command nbtstat -R
This clears the remote cache table
Nbtstat -RR
--> all of your registered information gets re-broadcast/re-established out to the world.
Nbtstat is a NetBIOS tool. It doesn't work well with LLMNR. It can be helpful to make quick little fixes when you can't find another computer out on your network.
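The nbtstat -n name table read the way the notes read it (workstation entry, server entry, browser manager), as an added Python example; this is not code from the course or from Windows. It parses a constructed nbtstat -n listing, decodes the NetBIOS suffix codes into roles, answers the questions the notes ask of the output, and checks a hostname against the legacy NetBIOS rules that explain the gibberish entries.

```python
# Added example: parse `nbtstat -n` output into the roles the notes describe
# and check names against the legacy NetBIOS naming rules. Not the course's
# code; the listing below is constructed to match the notes' STUDIO/WORKGROUP.
import re

SAMPLE_NBTSTAT_N = """\
Ethernet:
Node IpAddress: [192.0.2.15] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    STUDIO         <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    STUDIO         <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
"""

# NetBIOS suffix codes: the 16th byte of the name says which service it is.
ROLES = {
    ("UNIQUE", "00"): "workstation service (can read others' shares)",
    ("UNIQUE", "20"): "server service (shares folders to the network)",
    ("UNIQUE", "1D"): "master browser for the workgroup",
    ("GROUP", "00"): "workgroup membership",
    ("GROUP", "1E"): "browser elections",
    ("GROUP", "01"): "__MSBROWSE__ browser announcements",
}

ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")


def parse_nbtstat_n(text):
    """Return the name table as a list of dicts with the role decoded."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # headers, rule lines, node address
        name, suffix, ntype, status = m.groups()
        suffix = suffix.upper()
        rows.append({"name": name, "suffix": suffix, "type": ntype,
                     "status": status, "role": ROLES.get((ntype, suffix), "unknown")})
    return rows


def summarize(rows):
    """The questions the notes ask of this output: which workgroup, which
    hostnames, is the server service up (folders shared), is this the browser manager."""
    return {
        "workgroup": next((r["name"] for r in rows
                           if r["type"] == "GROUP" and r["suffix"] == "00"), None),
        "hostnames": sorted({r["name"] for r in rows
                             if r["type"] == "UNIQUE" and r["suffix"] in ("00", "20")}),
        "shares_folders": any(r["type"] == "UNIQUE" and r["suffix"] == "20" for r in rows),
        "is_browser_master": any(r["suffix"] == "1D" for r in rows),
    }


def name_problems(hostname):
    """Why a modern Windows name can show as gibberish in nbtstat: the legacy
    rules were at most 15 characters, uppercase, no spaces, no special characters."""
    problems = []
    if len(hostname) > 15:
        problems.append("longer than 15 characters")
    if hostname != hostname.upper():
        problems.append("contains lowercase letters")
    if " " in hostname:
        problems.append("contains spaces")
    if not re.fullmatch(r"[A-Za-z0-9 \-]*", hostname):
        problems.append("contains special characters")
    return problems
```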
6. Dynamic DNS
In this episode, Mike explains how dynamic DNS works.
From <https://hub.totalsem.com/content/2257#path=2257,2442,2447>
These webcams are behind a NATted router.
In order to access these webcams, I have to know the IP address of the WAN side of my router.
The problem is, the router obtains this IP address via DHCP. So when his router plugs into his ISP, it is given an IP address that changes from time to time. That's what makes these cameras hard to do long term: the IP address of the WAN side of your router changes.
To get around this issue, we're going to use Dynamic DNS (DDNS):
Dynamic DNS works in a very simple way. You have some kind of client, behind the NATted part of
the router, and it will go out on the internet and talk to a DNS service (there are companies out
there who provide DDNS as a service). They will talk and grab the WAN IP address and these DDNS
service companies have their own DNS servers, so my WAN IP address will be placed on a domain
name of my choosing. To make all of this happen, we need to pick a DDNS company and sign up
with them. Mike is going to use TZO.com.
Mike signed up for a 14‐day trial account for this demo. He signed up for the domain tzo.org
He gave himself the name desweds.tzo.org and it's going to link in to the WAN IP address.
TZO key is a feature of TZO's so you have to pay for it after 14 days.
First, download the client
The client goes out onto the internet and starts talking to its DNS servers.
You can check the status of your DNS servers by going to the TZO site
It knows his IP address because the client told it
Next, he goes into his router and sets up port forwarding so anything that comes in through the
internet (HTTP / port 80) goes to the camera itself: 202.13.212.107
In summary: He now has desweds.tzo.org signed up to the WAN IP address of his computer. He's
got port 80 forwarded so when you hit the router it will go through to the camera. He is actually
not using the IP address ‐ he's using a DDNS address.
He plugged the camera in, opened a browser, typed in desweds.tzo.org and it went to his camera
DDNS allows us to take IP addresses that change (mainly DHCP addresses) and by using clients we
can talk to DDNS servers which will automatically update and always have the right IP addresses
for our devices. Benefit to this is, it is a lot easier to type in a FQDN than an IP address.
7. DNS Troubleshooting
In this video, Mike shows you what to do if you suspect you're having issues with DNS.
From <https://hub.totalsem.com/content/2257#path=2257,2442,2448>
"Mike the internet's down!"
"No, the internet's just fine. It's the part that you're trying to connect to that's down."
DNS troubleshooting is a big deal because DNS does tend to go down from time to time.
The #1 clue you've got a DNS problem is something like this:
He likes Google Chrome because when there are problems, Chrome can often tell you where that
problem is. "The server at www.google.com can't be found because the DNS lookup failed."
The first indication you have a DNS problem is if you can't use DNS! If you try to type in a FQDN
and it fails.
Quick trick you can do to verify DNS is a problem: you have to know the IP address of a webpage
of some kind. For example: he opened a browser and typed in 149.20.54.45
Do I have a DNS problem?
1. Check for misconfiguration
Run ipconfig /all
It says that his DNS server (for his wireless LAN adapter) is 23.44.55.66
If you're a network tech you should know that is not your DNS server
Go into your Network Connections > Wi‐Fi > Properties
Go into IPv4 Properties
See that it is not set to Obtain DNS server address automatically. It has Use the following DNS
server address: 23.44.55.66
He changed it to Obtain DNS server address automatically, ran ipconfig /all and the DNS servers
are now:
These are the DNS server settings passed out by Mike's ISP.
His router gets DHCP settings from the ISP then it automatically passes that DNS information
down through DHCP.
He tested these settings by opening up a browser and going to google.com
It is standard for you to always have 2 DNS server settings. Your computer will always try to use
the Preferred DNS Server first, but if it failed it will automatically try to use the Alternate DNS
server.
Misconfigurations are pretty rare. The more common thing that happens is DNS servers just stop working.
For example, they just moved www.totalsem.com and your computer may have cached a local copy of where it used to be. It's our job to wipe that cache and tell the computer: "Look, I know you used to think that www.totalsem.com was at this IP address, but it has moved." Wiping the cache tells it to go look again.
How to see your cache:
ipconfig /displaydns
--> this shows all of the resolved DNS addresses that are being stored on your computer.
How to clear your cache:
ipconfig /flushdns
Rather than using DNS addresses it had stored in its cache, the system now will go back to the DNS
server and force the resolution.
How to put in a replacement DNS server:
Control Panel > Network and Internet > Network Connections > Wi‐Fi > Properties > IPv4
Use the following DNS server addresses:
8.8.8.8 is Google's big DNS server. They never go down!
Is my DNS server good?
You can query a DNS server to determine if it is working or not. There are 2 tools for this:
1. nslookup
2. DIG
nslookup = Name Server Lookup. Most DNS servers are designed to ignore anything that comes from nslookup (because spammers were using it). Running it shows the address of your primary DNS server.
You can also just type in server 8.8.8.8 to switch to a different server.
Mike put in a fake DNS server in the command prompt, and you can see that it didn't resolve: the Default Server shows [44.55.66.23].
Type exit when done
If you want to have fun with DNS use a tool called domain information groper (DIG)
You need a third party tool to use this in Windows like EzDig.
If you have a Unix system you can use it in the command prompt.
First tell it what DNS server you want to use:
Next, put in an arbitrary Query (just to make it do something):
Type A = see the A records for ftp.totalsem.com
It resolves back with a legitimate address:
This is telling me that the Google DNS server at 8.8.8.8 is a good DNS server.
If he puts in something that doesn't work (i.e. a bad DNS server), THUD! It does nothing.
The things you can still use nslookup and DIG for are:
1. Is this particular DNS server up and running?
2. Is this a DNS server?
One more DNS tool is ping!
Answers the question: is DNS working?
Ping www.totalsem.com
The ping has to resolve the FQDN to an IP address
*Make sure you know what an nslookup output looks like! Will be on the exam