You Need DHCP and DNS! How to Install Our Favorite IP Assistants

source: cybrary.it

What are we doing?

This lab consists of two exercises that guide us on how to install and configure a DHCP and DNS server for our network.

Why would we want to do this?

Managing IP addresses is no easy task, and thinking we could handle it all on our own must also mean we’ve come across some kind of real-life Limitless pill. Even so, trying to manage it without the aid of automation services like DHCP and DNS means we’d only be working hard, and not necessarily working smart. Plus, using services like DHCP and DNS for IP address management also gives us an added layer of security that can help protect us from cyber attacks.

Who would use this?

DHCP and DNS will and should be used by everybody using a device to connect to a network, but for this lab, it’ll mainly be anybody needing to manually set up a network that doesn’t already have DHCP and a DNS server automatically enabled and configured.

Even so, this should be considered a baseline knowledge and skillset that any computer user would greatly benefit from acquiring.

Thoughts?

Even though I mentioned above that DHCP and DNS can provide us with added security to our network, that isn’t necessarily the whole truth. DHCP and DNS can be hacked and most definitely will be hacked. DHCP poisoning happens, for one. Quickest advice for this would be to enable port security, enable/enforce DHCP snooping binding, always have HTTP traffic (port 80) redirected to HTTPS (port 443), and use SSH services like SFTP instead of FTP.
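DHCP snooping on a switch drops server replies that arrive on untrusted ports; the same rule can be checked from a monitoring host by looking at who claims to be the server. The following is an added example (not part of the lab or of any vendor tool) that parses DHCP payloads and flags OFFER/ACK/NAK messages whose server identifier (option 54) is not the lab's DHCP server 192.168.0.4. The sample packets, the MAC address and the host 192.168.0.77 are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends
TRUSTED_SERVERS = {"192.168.0.4"}                # the lab's DHCP server (PLABSA01)


def ip_str(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def addr_list(raw: bytes) -> list:
    """Decode an option carrying IPv4 addresses (3 = router, 6 = DNS servers)."""
    return [ip_str(raw[i:i + 4]) for i in range(0, len(raw) - len(raw) % 4, 4)]


def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP message (fixed BOOTP header plus options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen = struct.unpack_from("!BBB", payload, 0)
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        options[code] = value
        i += 2 + length
    return {"op": op, "yiaddr": ip_str(payload[16:20]),
            "chaddr": payload[28:28 + min(hlen, 16)].hex("-"), "options": options}


def check_server_message(payload: bytes, trusted=TRUSTED_SERVERS):
    """Return an alert string for a server reply from an untrusted server, else None."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    mtype = opts.get(53, b"")
    kind = SERVER_TYPES.get(mtype[0]) if len(mtype) == 1 else None
    if msg["op"] != 2 or kind is None:
        return None                                 # client traffic (DISCOVER, REQUEST, ...)
    sid = opts.get(54, b"")
    server = ip_str(sid) if len(sid) == 4 else "unknown"
    if server in trusted:
        return None
    return (f"untrusted DHCP {kind} from {server}: lease {msg['yiaddr']} for "
            f"{msg['chaddr']}, router {addr_list(opts.get(3, b''))}, "
            f"dns {addr_list(opts.get(6, b''))}")


def build_reply(msg_type, server, yiaddr, mac, router, dns) -> bytes:
    """Build a server reply for testing (constructed data, not captured traffic)."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    header += bytes(4) + pack(yiaddr) + pack(server) + bytes(4)
    header += bytes.fromhex(mac.replace("-", "")).ljust(16, b"\0") + bytes(192)
    options = (bytes([53, 1, msg_type]) + bytes([54, 4]) + pack(server)
               + bytes([3, 4]) + pack(router) + bytes([6, 4]) + pack(dns) + b"\xff")
    return header + MAGIC_COOKIE + options


# Constructed samples: one offer from the lab server, one from an unknown host.
LEGIT = build_reply(2, "192.168.0.4", "192.168.0.13", "00-15-5d-00-00-01",
                    "192.168.0.250", "192.168.0.2")
ROGUE = build_reply(2, "192.168.0.77", "192.168.0.50", "00-15-5d-00-00-01",
                    "192.168.0.77", "192.168.0.77")

if __name__ == "__main__":
    for sample in (LEGIT, ROGUE):
        print(check_server_message(sample) or "ok: reply from trusted server")
```

The alert includes the router and DNS options because those are what an unauthorized server uses to redirect a client's traffic. A switch with DHCP snooping enforces this per port rather than per server address, so this check complements the switch feature and does not replace it.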

DNS hijacking happens as well: Quickest advice for this would be to shut down unneeded DNS resolvers and ensure the needed resolver is behind a firewall, use a random source port, and be vigilant with patches and updates.

Vendor: Practice Labs

Lab: 1.12 — Install and Configure DHCP and DNS Servers

Lab Learning Outcomes:

  • Exercise 1 — Installing and Configuring DHCP
  • Exercise 2 — Installing and Configuring DNS

After completing this lab, we will be able to:

  • Prepare, Install and Configure DHCP
  • Configure Reservations on DHCP Server
  • Install and Configure DNS
  • Configure Forward lookup Zones on DNS
  • Change Dynamic IP Address to Static and Test Dynamic DNS Registration

CompTIA Network+ N10–007 Exam Objectives:

  • N10–007 1.1: Explain the purposes and uses of ports and protocols (Protocols and ports, DNS 53, DHCP 67/68)
  • N10–007 1.4: Given a scenario, configure the appropriate IP addressing components (Address assignments, DHCP)
  • N10–007 1.8: Explain the functions of network services
      • DNS service:
          • Record types: A, AAAA, CNAME, NS, PTR
          • Internal vs. External DNS
          • Forward vs. Reverse Forward Zones
      • DHCP service:
          • Pools
          • IP Exclusions
          • Scope Options
          • Lease Time

Exercise 1

Installing and Configuring DHCP

Dynamic Host Configuration Protocol (DHCP) is a network service that leases IP addresses to computers on a network. DHCP streamlines the allocation of IP addresses to computers as it prevents duplicate IP addresses and ensures correct configuration of network settings like subnet mask, default gateway, and DNS because the IP address pool is configured typically on just one server.¹

After completing this lab, we’ll be able to:

  • Prepare, Install and Configure DHCP
  • Configure Reservations on DHCP Server

Task 1 — Prepare for Installation of DHCP

To prepare for installation of DHCP, perform the following steps:

Step 1: Connect to our PLABSA01 device. The Server Manager application window is open. Minimize the Server Manager for now, and open a Terminal Command Prompt, and enter:

Step 2: Detailed IP configuration of the server is displayed. Scroll up and locate the Ethernet adapter Ethernet section.

From this detail, verify that the values of the IP address, the subnet mask, and the default gateway are as follows:

IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.250

DNS Servers . . . . . . . . . . . : 192.168.0.2

Task 1 Complete!

Task 2 — Install DHCP

In this task, we’ll be installing DHCP on the PLABSA01 server. We’ll be using the Windows PowerShell utility for this installation.

Step 1: On our PLABSA01 device, open Windows PowerShell, and enter:

We’ll be informed of its progress with a progress bar in the window.

When the installation ends, we should get a message stating that the installation was complete. Minimize the Windows PowerShell window.

Step 2: Restore the Server Manager window.

On the menu bar at the top, click Tools > DHCP.

The DHCP window appears. Maximize this window for easier viewing.

Note: It may take several seconds or longer for the DHCP window to appear.

Step 3: Expand the plabsa01 server and the IPv4 options.

Then right click IPv4 and select New Scope…

Note: If the server is listed as an IP address instead of plabsa01, reboot the device by hovering over PLABSA01 in the device pane and clicking reboot.

The New Scope Wizard appears. Click Next.

Step 4: On the Scope Name page of the wizard, type a name and a description for this scope.

Use the name PracticeLabs and a description of TestScope. Once complete, click Next.

Step 5: In this step, we’ll specify the IP address range that will be offered for lease along with the subnet mask that will be assigned to DHCP clients. We’ll configure the server to offer the whole subnet.

Enter a Start IP address of 192.168.0.1 and an End IP address of 192.168.0.254. Leave the Subnet mask parameters as they are. Click Next.

Step 6: In this step, we’ll specify which IP addresses will be excluded from the scope.

Exclude addresses 192.168.0.1 to 192.168.0.10 within which all statically assigned device addresses exist. Type-in this address range and click Add.

Step 7: Next, we’ll exclude the single address 192.168.0.250 which is the assigned default gateway to access the Internet.

To exclude a single address, type an address in the Start IP address only and click Add.

Also, set a delay of 100 milliseconds for the transmission of a DHCP offer message. Click Next.

Step 8: On the Lease Duration page, modify the lease time to 1 day. Click Next.

Step 9: DHCP allows us to configure additional options. On the Configure DHCP Options page, verify that the Yes, I want to configure these options now option is selected and click Next.

Step 10: In the Router (Default Gateway) page we’ll specify the IP address of the default gateway. We’ll enter the address 192.168.0.250 and Click Add. Once this is done, click Next.

Step 11: In the Domain Name and DNS Servers page, you will specify the parent domain as well as the DNS server that you will use. For the Parent Domain, enter: Practicelabs.com

For the DNS server, the IP address of 192.168.0.2 should already be configured. This is there because it is currently statically configured on the PLABSA01 device and this information has been taken from the current configuration.

Once we’ve configured the above, click Next.

We’ll not be configuring a WINS server. On the WINS Servers page, click Next.

Step 12: Next, we’re asked if we would like to activate this scope now. Make sure the Yes, I want to activate this scope now option is chosen and click Next.

On the Completing the New Scope Wizard page, click Finished.

Back on the DHCP window, notice that a new scope under the IPv4 section has been created and its status is Active.

Task 2 Complete!

Task 3 — Configure Reservations on DHCP Server

IP addresses can be set aside for important devices in your network to ensure that these devices will have their dedicated IP address. In this way, DHCP will reserve these addresses and offer them only to the devices you specify. To configure reservations, perform the following steps:

Step 1: Connect to our PLABWIN10 device, and open a Command Prompt Terminal and input:

Scroll up and locate the Ethernet adapter Ethernet 2 section. This is a second network card on the PLABWIN10 device that is configured to obtain its network configuration parameters via DHCP.

Examine the values for the following parameters. Our results may be different than those shown below:

If we have an IPv4 address of 169.254.X.Y on this interface, we may need to reissue the command until the IP address changes to 192.168.0.X. It may take up to several seconds for the DHCP process to complete.

Ethernet adapter Ethernet 2:

Connection-specific DNS suffix . . : Practicelabs.com

DHCP Enabled . . . . . . . . . . . . . . . . : Yes

IPv4 Address . . . . . . . . . . . . . . . . . . : 192.168.0.13 (Preferred)

Subnet Mask . . . . . . . . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . . . . . . . : 192.168.0.250

DHCP Server . . . . . . . . . . . . . . . . . . : 192.168.0.4

DNS Server . . . . . . . . . . . . . . . . . . . . : 192.168.0.2

Note that some parameters are purposefully left out of the above output.

Note the following:

  • The DNS Suffix
  • The state of DHCP on the device
  • The IP address issued by DHCP
  • The subnet mask
  • The lease start and expiry
  • The default gateway
  • The DHCP and DNS servers

Compare the above parameters with those configured on the DHCP server.

Within the Ethernet adapter Ethernet 2 section, make a note of the Physical Address. We’ll use this value later in this task.

Step 2: Switch to PLABSA01. The DHCP console should still be open.

Step 3: In the left pane, expand the console tree under IPv4 > Scope [192.168.0.0] PracticeLabs and select the Reservations folder.

On the menu bar at the top, click Actions > New Reservation.

The New Reservation dialog box is displayed. Refer to the Physical Address of the PLABWIN10 device that we recorded earlier on in the task.

Step 4: In the Reservation name: text box, type:

In the IP address text box, type:

In the MAC address text box, type the physical address recorded earlier.

In the Description text box, type:

In the Supported types section, select Both.

Click Add.

A new empty New Reservation window appears. Click Close.

Step 5: Expand the Reservations node in the console tree on the left pane. Notice the reservation that you just added. Close DHCP console.

Task 3 Complete!

Task 4- Verify Reserved IP Address for PLABWIN10

In this task, we’ll verify that the second network interface of PLABWIN10 has indeed leased the reserved IP address from the PLABSA01 server.

Step 1: Switch to PLABWIN10 device. In the command prompt window, issue the following command once again:

Scroll up and locate the Ethernet adapter Ethernet 2 section. Notice the IP address assigned to this adapter.

The IP address has not changed. This is because once a DHCP lease has been given, the device does not ask for a new address until the lease is expired or until an administrator explicitly shuts down and re-enables the interface.

Step 2: Right-click on the network status icon at the bottom right of the screen and choose Open Network & Internet settings.

On the Settings Status window, scroll down to click the Network and Sharing Center link.

Step 3: On the Network and Sharing Center, click the Change adapter settings link at the left.

Step 4: On the Network Connections window, right-click the Ethernet 2 network connection and select Disable.

Caution! Don’t do this on the Ethernet connection as this will cause you to lose connectivity to the device and you will have to start the lab from the beginning!

The interface is now greyed out and indicates that it is disabled.

Step 5: Again, right-click the Ethernet 2 network connection and select Enable.

A small message box appears indicating that the interface is being enabled.

Step 6: Once the interface is enabled, go back to the Command Prompt window and determine the IP address on this interface by issuing the following command once again:

Scroll up to the Ethernet adapter Ethernet 2 section and verify that the 192.168.0.16 address is now assigned, as expected.

Exercise 1 Complete!

Exercise 2

Installing and Configuring DNS

Domain Name System (DNS) is a network service that translates computer names or hostnames to numeric IP addresses or vice-versa. Although largely associated with the Internet, DNS can be used in a private network for the following benefits:

  • Simplicity: computer names are easier to find than numeric IP addresses.
  • Convenience: IP addresses can change, but computer names can remain constant.

In this exercise, we’ll learn to install DNS using the Windows PowerShell tool and to configure additional DNS parameters.

After completing this exercise, we’ll be able to:

  • Install and Configure DNS
  • Configure Forward lookup Zones on DNS
  • Change Dynamic IP Address to Static and Test Dynamic DNS Registration

Task 1 — Install DNS

To install DNS, perform the following steps:

Step 1: Connect to our PLABSA01 device. If the Server Manager is open, minimize it. Click the Type here to search icon and start typing:

The Windows PowerShell app appears in the menu. Click it to continue.

Step 2: The blue PowerShell window appears. Type the following command to install DNS on this server:

Press Enter.

The installation will begin, and we’ll be informed of its progress with a progress bar in the window.

When the installation ends, we should get a message stating that the installation was complete.

Minimize the Windows PowerShell window.

Step 3: Access the Server Manager window.

On the menu bar at the top, click Tools > DNS.

Note: We may notice an exclamation mark on the Notifications icon in the toolbar. This is due to the fact that we previously installed DHCP. We can safely ignore this notification.

The DNS window appears. Maximize this window for ease of use.

Task 1 Complete!

Task 2 — Configure DNS

To configure DNS, perform the following steps:

Step 1: From the left pane, expand the PLABSA01 device under the DNS menu item. Details of this DNS server are displayed in the right pane.

Step 2: Right-click the PLABSA01 server and select Configure a DNS Server…

The Configure a DNS Server Wizard is displayed. On the welcome page, read the information and click Next.

Step 3: On the Select Configuration Action page, keep the default selection and click Next.

On the Primary Server Location page, keep the default selection of This server maintains the zone and click Next.

Step 4: The New Zone Wizard appears. On the Zone Name page, type the following in the Zone name textbox:

Click Next.

Step 5: On the Zone File page, keep the default selection of Create a new file with this file name: Click Next.

On the Dynamic Update page, ensure that Do not allow dynamic updates option is selected. Click Next.

On the Forwarders page, select No, it should not forward queries option and click Next.

The Searching for Root Hints dialog box is displayed.

Note: Windows Servers running the DNS service contain the root hints file. This file has information about the top level DNS servers that can be queried by Windows to resolve names outside of the authoritative DNS domains.

It searches for the Root Hints to complete the configuration. This will take a few seconds so please wait.

Step 6: On the completion page, click Finish.

The DNS dialog box is displayed. Read the information mentioned and use it to configure roots, if required.

Note: This DNS server does not have authority over PRACTICEIT.CO.UK. Therefore, we don’t need to configure root hints on this device, because this server is located in an isolated lab environment.

Click OK to close the dialog box.

The Completing the Configure a DNS Server Wizard window will automatically close.

On the PLABSA01 device, DNS server is now installed and configured.

Back on the DNS Manager window, exit it.

Task 2 Complete!

Task 3 — Configure Forward lookup Zones on DNS

Forward lookup zones in DNS are used for resolving fully qualified domain names (FQDN) to numeric IP addresses.

To configure forward lookup zones, perform the following steps:

Step 1: Click the Type here to search icon and start typing the following:

When the Administrative Tools app appears in the menu, click it.

The Administrative Tools window appears. Double click the DNS icon.

Step 2: The DNS Manager window is displayed. On the left pane, expand PLABSA01, then expand Forward Lookup Zone. Click the PRACTICEIT.CO.UK node. Right-click PRACTICEIT.CO.UK and select Properties.

The PRACTICEIT.CO.UK Properties dialog box is displayed. On the General tab, ensure that Type is set to Primary.

Step 3: In the Dynamic updates drop-down, select Non-secure and secure.

Click Apply and then click OK.

Dynamic updates of both types, secure and non-secure, are now allowed on the DNS server.

Close all the open windows to access the desktop.

Task 3 Complete!

Task 4 — Verify Dynamic DNS

Windows Server DNS can accept automatic updates from clients for the resource records found in its zone file. This greatly reduces administrative effort because DNS server can keep up with the changes in the network. For example, if the IP address of a computer is modified due to network configuration requirements, the computer will update its own resource record with the DNS server.

Note that we will be implementing this task on the PLABDC01 device which already has DNS installed.

Step 1: Connect to the PLABDC01 device.

If there are any windows open, you can safely close them. Access the DNS Manager by clicking the Type here to search icon, and start typing:

When the Administrative Tools app appears in the menu, click it.

Note: We can set up secure dynamic updates only if the DNS server is a domain controller and if the zone type is an Active Directory Integrated zone.

The Administrative Tools window appears. Double click the DNS icon.

Step 2: The DNS Manager window is displayed. Maximize the window for ease of use. Expand PLABDC01 from the left pane, and then expand Forward Lookup Zones and then expand the PRACTICELABS.COM node.

Right-click PRACTICELABS.COM, then select Properties.

The PRACTICELABS.COM Properties dialog box is displayed.

In the General tab, ensure that the parameter Type is set to Active Directory-Integrated.

Verify that Secure only for the Dynamic updates drop-down is selected.

Click OK.

The DNS server is now set for dynamic DNS operations.

Step 3: Back on the DNS Manager application window, select PRACTICELABS.COM domain and observe the resource records listed in the details pane at the right. Note that PLABWIN10 has two network interfaces installed. Recall that the second was activated during this lab — the PLABWIN10 Host (A) record with an IP address 192.168.0.16.

This is the dynamic IP address assigned to PLABWIN10 by DHCP server service running in PLABSA01.

Keep DNS Manager window open.

Task 4 Complete!

Task 5 — Change Dynamic IP Address to Static and Test Dynamic DNS Registration

In this task, we will change the IP address of PLABWIN10 to verify that PLABDC01 DNS can automatically update its DNS resource records.

Step 1: Switch over to the PLABWIN10 device. Close any windows that may be open. Go to system tray and right-click on the network icon and select Open Network & Internet settings.

On the Settings Status window, scroll down to access the Network and Sharing Center link.

Step 2: In Network and Sharing Center window, under the View your active networks section, click on Ethernet 2 link.

Make sure to click on Ethernet 2 and not Ethernet 1. Any changes made to Ethernet 1 may cause us to lose connectivity to the device, and we will have to reset the lab and start from the beginning.

Step 3: On the Ethernet 2 Status dialog box, click Properties.

Step 4: On the Ethernet 2 Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

Step 5: On the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Use the following IP address option

In the IP address text box, type:

Click in Subnet mask text box and it should automatically be filled in with 255.255.255.0.

Similarly, click the Use the following DNS server addresses option and specify the IP address of the PLABDC01 device as the Preferred DNS server. That is, enter the following:

Clear the Default gateway text box of any IP address and keep Alternate DNS server blank.

Click OK.

Close all the open windows to reach the desktop.

Step 6: Click the Type here to search icon and type cmd and press Enter.

On the Best match popup menu displayed, select Command Prompt > Run as administrator.

Step 7: On the User Account Control dialog box, click Yes to continue.

Step 8: On the command prompt, we will force the registration of PLABWIN10 static IP address.

Type the following:

Press Enter.

Step 9: The command we entered in the previous step will register 192.168.0.226 as the new static IP address for PLABWIN10.

It may take about 15 minutes or more for the registration to appear in PLABDC01 server. Close command prompt window.

Step 10: Switch to PLABDC01. On the DNS Manager, select PRACTICELABS.COM node.

Click the Refresh button.

Step 11: Notice the new IP address 192.168.0.226 is now registered for PLABWIN10.

Keep DNS Manager open.

Task 5 Complete!

Task 6 — Creating a Reverse Lookup Zone

A reverse lookup zone translates the numeric IP address of a host to its fully qualified domain name. This zone is useful for DNS servers facing the public network like the Internet.

When an IP address is resolved to its fully qualified domain name, it verifies the identity of a host as a registered computer in an organization.

To create a reverse lookup zone, perform the following steps:

Step 1: On PLABDC01 server, DNS Manager is open. Expand the Reverse Lookup Zones node.

Then right-click Reverse Lookup Zones node and select New Zone

Step 2: On the Welcome to the New Zone Wizard window, click Next.

Step 3: On the Zone Type page, keep the default selections.

Click Next.

Step 4: In the Active Directory Replication Scope page, keep the default selections.

Click Next.

Step 5: On the Reverse Lookup Zone Name page, ensure that IPv4 Reverse Lookup Zone option is selected.

Click Next.

Step 6: On the Reverse Lookup Zone Name page, click on the Network ID text box and type:

Click Next.

Step 7: On the Dynamic Update page, keep the default settings.

Click Next.

Step 8: On the Completing the New Zone Wizard page, click Finish.

Keep DNS Manager window open.

Task 6 Complete!

Task 7 — Working with DNS Resource Records

In addition to Hosts (A) record and Service Location Records (SRV) that are automatically created in DNS server, there are other records that we can create and configure.

Pointer (PTR) records are used in Reverse Lookup Zones where an IP address is resolved to its fully qualified domain name. This record is useful to verify the identity of hosts that are accessible from the public Internet.

Canonical name (CNAME) is another name that we can assign to a host. This record is useful if the host is accessible from the public network and we would like to hide the real host name of a given device.

To create the PTR and CNAME records, perform the following steps:

Step 1: On PLABDC01, DNS Manager is open.

On the navigation pane at the left, navigate to Forward Lookup Zones and select the PRACTICELABS.COM node.

On the details pane at the right, right-click plabdc01 and select Properties.

Step 2: The Update associated pointer (PTR) record checkbox should be unchecked. Check it and click OK.

Step 3: Back on the DNS Manager, navigate to Reverse Lookup Zones and click 0.168.192.in-addr.arpa node.

Observe the PTR record of plabdc01.practicelabs.com.

Step 4: Right-click PRACTICELABS.COM node and select New Alias (CNAME)…

Step 5: On the New Resource Record window, in the Alias name text box, type:

In the Fully qualified domain name (FQDN) for target host: text box, type:

Click OK.

Step 6: The new alias is now added.

Step 7: To test if the PTR and CNAME records are resolvable, switch to PLABWIN10. If the Command Prompt is not already open, launch a command prompt as we did earlier.

Ping the PLABDC01 device by entering the following command:

Press Enter.

Step 8: Notice that 192.168.0.2 was resolved to its FQDN plabdc01.practicelabs.com.

On the next prompt, type:

Press Enter.

Step 9: You get a response from plabsa01 which comes from plabdc01.practicelabs.com.

This means that the CNAME record works.
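Tasks 6 and 7 describe PTR records as a way to verify a host's identity; that only holds when the name in the PTR record resolves back to the same address (forward-confirmed reverse DNS). The following is an added example, not part of the lab, that runs that check over a small zone model. The records are constructed from the lab's addresses, `files` is a hypothetical alias, and the PTR for 192.168.0.16 is a deliberately stale entry standing in for a record left behind after PLABWIN10 moved to 192.168.0.226.

```python
import ipaddress

# Constructed zone data modelled on the lab; "files" is a hypothetical alias.
FORWARD = {
    "plabdc01.practicelabs.com": [("A", "192.168.0.2")],
    "plabsa01.practicelabs.com": [("A", "192.168.0.4")],
    "plabwin10.practicelabs.com": [("A", "192.168.0.226")],
    "files.practicelabs.com": [("CNAME", "plabdc01.practicelabs.com.")],
}
REVERSE = {  # PTR records in 0.168.192.in-addr.arpa
    "2.0.168.192.in-addr.arpa": "plabdc01.practicelabs.com.",
    "226.0.168.192.in-addr.arpa": "plabwin10.practicelabs.com.",
    "16.0.168.192.in-addr.arpa": "plabwin10.practicelabs.com.",  # stale (constructed)
}


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def resolve_a(name: str, forward=FORWARD, max_hops: int = 8) -> set:
    """Follow CNAMEs from name and return the set of A-record addresses reached."""
    name, seen = normalize(name), set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        records = forward.get(name, [])
        aliases = [value for rtype, value in records if rtype == "CNAME"]
        if not aliases:
            return {value for rtype, value in records if rtype == "A"}
        name = normalize(aliases[0])
    raise ValueError("CNAME chain too long")


def fcrdns(ip: str, forward=FORWARD, reverse=REVERSE):
    """PTR(ip) must name a host whose A records include ip. Returns (ok, detail)."""
    owner = ipaddress.ip_address(ip).reverse_pointer  # e.g. 2.0.168.192.in-addr.arpa
    target = reverse.get(owner)
    if target is None:
        return False, f"no PTR record at {owner}"
    addrs = resolve_a(target, forward)
    if ip in addrs:
        return True, f"{ip} <-> {normalize(target)}"
    return False, f"PTR names {normalize(target)} but its A records are {sorted(addrs)}"


def audit(forward=FORWARD, reverse=REVERSE) -> list:
    """List every PTR that fails confirmation and every A record with no PTR."""
    findings = []
    for owner in sorted(reverse):
        ip = ".".join(reversed(owner.split(".")[:4]))
        ok, detail = fcrdns(ip, forward, reverse)
        if not ok:
            findings.append(f"{ip}: {detail}")
    for name in sorted(forward):
        for rtype, value in forward[name]:
            if rtype == "A" and ipaddress.ip_address(value).reverse_pointer not in reverse:
                findings.append(f"{value}: {name} has no PTR record")
    return findings


if __name__ == "__main__":
    print(fcrdns("192.168.0.2"))
    for finding in audit():
        print(finding)
```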

Exercise 2 Complete!

We should now be able to:

  • Prepare, Install and Configure DHCP
  • Configure Reservations on DHCP Server
  • Install and Configure DNS
  • Configure Forward lookup Zones on DNS
  • Change Dynamic IP Address to Static and Test Dynamic DNS Registration

Anxious Buddhist | Hobby Eater | Maze Master
