(Ebook - PDF - Cisco Press) DNS, DHCP and IP Address Management

806
0963_05F9_c3 © 1999, Cisco Systems, Inc. 1
DNS, DHCP, and IP

Address Management
Session 806
806
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 1
DNS and DHCP Challenges
Manual
Processes
Public Policies
Domain Based on
Software IP Addresses
Intelligent
Network
Users Applications
User
Provisioning User-Based
Scalable Automated Policy
Reliable Network Networking
DNS/DHCP Addressing
Services
806
Managing Names and Addresses
Custom
Edit by Hand Spreadsheet
Application
806
Migrating to Directories
Etc. Many
Users DNS
DNS Firewall
Firewall
Firewall 2000 Directory

DHCP
DHCP Policy
Policy
DNS
1990’s
DHCP
PC
PC Inventory
Inventory
Multiple Single
Sources Source
of Data 1980’s of Data
Dial-In
1970’s
E-Mail
Few
Users
806
Protocol Overview
DNS and DHCP
806
How DNS Works
DNS Namespace
cisco.com zone
• Hierarchical name space (root)
• Each node in tree represents COM
domain/subdomain
CISCO
CISCO
• Some subdomains are defined
as zones
WWW
WWW TIMSPC
TIMSPC RTP
RTP
• Each zone has a “primary”
name server responsible for
all lower nodes
• Resource records (RR) are defined
for each node
• Example RRs are: Address (A),
pointer (PTR), mail exchange (MX),
timspc.cisco.com
name server (NS), start of
authority (SOA)
806
How DNS Works

DNS Queries
• Clients query local DNS Root Name
server for IP addresses Server
• Local server starts with .COM Name

Server
the root name server and
recursively queries DNS
CISCO.COM
servers until it finds a Name Server
server that has the answer
Local
• Local servers send DNS
answers back to the Server www.cisco.com
clients and cache A. 161.44.10.9
the answers
Q. What Is the IP Address DNS Client Outside

for www.cisco.com? of Cisco Network
806
DNS Redundancy
Primary Name Server
• Redundancy is built into DNS for CISCO.COM
• Secondary servers automatically

backup primary servers
• Secondary servers check the
primary for changes in the zone
serial number
• Updates controlled by the
refresh rate in SOA record
for zone
• Use Notify and Incremental Zone
Transfers to reduce propagation Secondary DNS Secondary DNS
delay and bandwidth utilization Server for Server for
• Spread secondary and caching CISCO.COM DNS Client CISCO.COM
DNS servers liberally Old

Old Zone
Zone Transfer
Transfer New
New Zone
Zone Transfer
Transfer
1.
1. Secondary
Secondary Checks Checks the
the Serial
Serial 1.
1. Primary
Primary DNS
DNS Server
Server Sends
Sends aa
throughout the network Number
Number of of the
the Zone
Zone NOTIFY
NOTIFY Message
Message to to Secondary
Secondary
2.
2. IfIf ItIt Has
Has Changed,
Changed, Secondary
Secondary When
When the
the Zone
Zone Data
Data Changes
Changes
Requests
Requests aa Zone Zone Transfer
Transfer 2.
2. Secondary
Secondary Requests
Requests anan
3.
3. Primary
Primary Sends Sends the
the Entire
Entire Incremental
Incremental Zone
Zone Transfer
Transfer
Zone
Zone to to Secondary
Secondary 3.
3. Primary
Primary Only
Only Sends
Sends the
the
Changes
Changes toto Secondary
Secondary Server
Server
806
How DHCP Works

Obtaining a Lease
Send My
• Dynamically assigns Configuration
configuration information DHCP Information
Server
• Creates IP address pools
to conserve addresses
and support mobile users
• Clients broadcasts DHCP DHCP
Discover packet on Client
local subnet
Here is your configuration:
• Multiple servers IP Address: 192.204.18.7
can respond Subnet Mask: 255.255.255.0
Default Routers: 192.204.18.1, 192.204.18.3
• Client chooses first DNS Servers: 192.204.18.8, 192.204.18.9
WINS Server: 192.204.18.9
or best response Lease Time: 5 days
806
How DHCP Works
DHCP Discover Process
Server 1 Client Server 2
R DIS
• DHCP client broadcasts VE COV
ISCO t) (Br
oad ER
D s cas
DHCP DISCOVER packet (Br
oad
ca t)
on local subnet ER
OF OFF
FE t)
(U icas
• DHCP servers send nic
as t)
R ( Un
OFFER packet with lease

information REQ
T
UES UES
• DHCP client selects lease REQ ast) (Br
o
T
adc
adc ast
(Bro
and broadcasts DHCP )
REQUEST packet ACK

s t)
• Selected DHCP server ica
( Un
sends DHCP ACK packet
806
How DHCP Works

DHCP Packet
Hardware Hardware
OP Code HOPS
Type Length
Transaction ID (XID)
Seconds Flags
Client IP Address (CIADDR)
Your IP Address (YIADDR)
Server IP Address (SIADDR)
Gateway IP Address (GIADDR)
Client Hardware Address (CHADDR)—16 bytes
Server Name (SNAME)—64 bytes
Filename—128 bytes
DHCP Options
806
How DHCP Works
DHCP Options
• Server passes Common DHCP Options

configuration options
Option Code
to client Lease Time 51
Subnet Mask 1
• Over 100 options defined Default Routers 3
DNS Servers 6
• Most DHCP clients support Domain Name 15
approximately 10 options Host Name 12
WINS Servers 44
• Custom and vendor NetBIOS Node Type 46
options available Client Identifier 61
806
What’s New in DNS and DHCP
• New DNS standards

Dynamic DNS updates (RFC 2136)
Incremental Zone Transfers (RFC 1995)
Notify (RFC 1996)
• New DHCP standards
DHCP Safe Failover (Internet draft)
806
Dynamic DNS Updates, Notify, and
Incremental Zone Transfers
Cisco Network Cisco Network
sbombay-
sbombay-
Registrar DHCP pc.cisco.com
pc.cisco.com IP:
IP:
Registrar Primary
Server 172.16.18.74
172.16.18.74
DNS Server
Host:
Host: Notify
Notify
sbombay-pc
sbombay-pc Message
Message
IP
IP Address:
Address:
172.16.18.74
172.16.18.74 IXFR
IXFR
Only
Only changed
changed information
information is
is sent
sent
sbombay-pc.cisco.com
sbombay-pc.cisco.com Request
Request
172.16.18.74
172.16.18.74 WAN
DHCP
Client
• Dramatically reduces propagation delay
• Dramatically reduces WAN bandwidth utilization
• Integrates DHCP and DNS Secondary
806 DNS Server
DHCP Safe Failover Protocol

Backup DHCP
Server
• All DHCP requests are sent
to both servers Primary DHCP
Server
• Primary updates backup
with lease information
• Backup takes over when
primary fails Primary
Primary Address
Address Pool
Pool Backup
Backup Address
Address Pool
Pool
• Backup server uses 172.16.18.101-200
172.16.18.101-200 172.16.18.191-200
172.16.18.191-200
dedicated pool of addresses

allocated by the primary to
prevent duplicate IP address
• Servers synchronize when
primary is up
• IETF Internet Draft
806
DNS Issues
806
Split DNS
External www.cisco.com
• Two “primary” DNS Internet DNS mail.cisco.com
servers for the domain Server ftp.cisco.com
• Hides the structure of
the internal network
• Internal clients point to
internal DNS servers
• External server www.cisco.com
publishes web, mail, mail.cisco.com
ftp and other external Internal
ftp.cisco.com
servers Network
wwwin.cisco.com
• Internet DNS servers
delegate to external callmanager.cisco.com
primary DNS server erpserver.cisco.com Internal
timspc.cisco.com DNS
eng-web.cisco.com Server
806
Selective Forwarders
Root
DNS Server
External External
DNS Internet DNS
Server
Server
Big.com Small.com
Connect to
erp.small.com
Internal
Internal erp.small.com DNS Server
DNS Server
806
WINS
• Windows Internet
Names Service (WINS)
NetBIOS Names
Service (NBNS)
Windows NT file and
print services
Flat name space
• Coexists with DNS
• Scaling problems in
large networks
• Going away with
Windows 2000!
806
Windows 2000 and
Active Directory
• Coming soon!
• DNS requirements
Dynamic DNS updates
(RFC 2136)
SRV records
• Active directory is
dependent on DNS
• WINS is phased out
806
DHCP Issues
806
DHCP in a Routed Network
• DHCP clients broadcasts Router with DHCP Relay

a DHCP discover packet interface se0
• DHCP relay (ip helper address) ip helper 161.44.54.7
on the router hears the DHCP ip helper 161.44.54.8 DHCP
Discover packet and forwards Server DHCP
(unicast) the packet to the 161.44.54.7 Server
DHCP Packet 161.44.54.8
DHCP server
• DHCP relay fills in the GIADDR
GIADDR 161.44.18.1
field with IP address of the
primary interface of router
• DHCP relay can be configured to
forward the packet to multiple Physical Network
DHCP servers. Client will choose 161.44.18.0
the “best” server
• DHCP servers use GIADDR field of DHCP
DHCP Discover packet as an index Client
in to the list of address pools
806
DHCP in a Switched Network
• Cisco IOS® allows DHCP Packet Router

multiple addresses on with DHCP
an interface which GIADDR
DHCP Server
implies multiple logical Relay
networks on same
192.204.18.1 Primary
physical network 192.204.19.1 Secondary
Catalyst®
• DHCP relay inserts first 192.204.20.1 Secondary
Switch
IP address of interface 192.204.21.1 Secondary
in GIADDR field
• Most DHCP servers can One Physical Network
create an address pools Four Logical Networks
with multiple logical 192.204.18.0 DHCP DHCP
192.204.19.0 Client Client
networks. This is also
192.204.20.0
known as super scopes 192.204.21.0
806
DHCP Security
• DHCP lacks built in security

Any client can get an address
Any server can allocate an address
• Client class in CNR
Create list of authorized MAC addresses
• IETF working on the problem
• Generally not an issue on most nets
806
IP Address
Management Issues
806
Private Network
Numbers (RFC 1918)
• Difficult to obtain new
network numbers Internet
• Unlimited addresses with
private network numbers
• Allows for flexible
addressing schemes Private
Network
• Requires NAT/PAT to 10.0.0.0/8
access Internet
Private Network Numbers

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
806
NAT, PAT, and Dynamic NAT
Private Network
10.0.0.0/8
10.0.0.7 172.16.0.0/12 Internet
Internal Add. External Add. Translation Note

10.0.100.151 10.0.0.7 161.44.16.7 Static NAT Permanent Mapping for
Mail Server
172.16.4.57 10.0.100.151 161.44.16.105 Dynamic NAT VoIP Phone Calling on
the Internet
172.16.4.57 161.44.17.5 PAT Web client browsing Internet
Translation Mapping How It Works

Permanent
Permanent Mappings
Mappings between
between Internal
Internal
Static NAT Permanent—1 to 1 Servers
Servers to
to external
external addresses
addresses
Pool
Pool of
of External
External Addresses
Addresses Dynamically
Dynamically
Dynamic NAT Dynamic—1 to 1 Assigned
Assigned to
to Internal
Internal Clients
Clients for
for Duration
Duration
of
of Session
Session
Multiple
Multiple Internal
Internal Clients
Clients Share
Share Single
Single
PAT Dynamic—Many to 1
External
External Address
Address
806
NAT in PIX, and Cisco IOS
Packet with Embedded IP Address Translated Packet
SA: 10.0.5.8 NAT Mappings SA: 171.68.10.5 161.44.8.9

DA: 161.44.8.9 10.0.5.8 -> 171.68.10.5 DA: 161.44.8.9
Pool of NAT Addresses
171.68.10.2-100
10.0.5.8
10.0.5.8 171.68.10.5
Cisco
Translation Applications PIX
IOS
Easy Telnet, FTP, HTTP, Simple C/S Apps Yes Yes
Multimedia, H.323, NetBIOS, DNS, Dual NAT,
Difficult Yes Most
SQL*NET, Dynamic Port Negotiation
Impossible SNMP - -
806
Directory Services
Standard Schemas
• Directory Enabled Networks (DEN)

Started by Cisco/Microsoft, now owned by DMTF
• Schemas for DHCP being developed

Proposals from Microsoft, Novell, and IETF
806
Server Sizing
(100K, 10K, 1K, 100 Clients)
Nodes Minimum Server Configuration
Redundant
Redundant DHCP
DHCP Server
Server (Mid-Range
(Mid-Range UNIX
UNIX Servers—Sun
Servers—Sun Ultra
Ultra 250E,
250E,
Raid
Raid Disks,
Disks, 512
512 MB
MB RAM)
RAM)
100K Primary
Primary DNS
DNS Server
Server (Mid-Range
(Mid-Range UNIX
UNIX Server—Sun
Server—Sun Ultra
Ultra 250E,
250E, Raid
Raid Disks,
Disks, 512
512 MB
MB
RAM)Distribute
RAM)Distribute Secondary
Secondary andand Caching
Caching DNS
DNS Servers
Servers Throughout
Throughout Network
Network
Option
Option 1:
1: Redundant
Redundant DHCP
DHCP Servers
Servers (Mid-Range
(Mid-Range UNIX
UNIX Servers,
Servers, 384
384 MB
MB RAM)
RAM)
10K Option
Option 2:
2: Redundant
Redundant DHCP
DHCP Servers
Servers (High-End
(High-End NT
NT Servers,
Servers, 384
384 MB
MB RAM)
RAM)
Primary
Primary DNS
DNS Server
Server (Mid-range
(Mid-range UNIX
UNIX Server—Sun
Server—Sun Ultra
Ultra 250E,
250E, Raid
Raid Disks,512
Disks,512 MB
MB
RAM)
RAM) Distribute
Distribute Secondary
Secondary and
and Caching
Caching DNS
DNS Servers
Servers Throughout
Throughout Network
Network
1K Option
Option 1:
1: Two
Two Servers
Servers Running
Running DNS/DHCP
DNS/DHCP (Low-end
(Low-end UNIX
UNIX Servers—Raid
Servers—Raid Disks,
Disks, 256
256 MB
MB RAM)
RAM)
Option
Option 2:
2: Two
Two Servers
Servers Running
Running DNS/DHCP
DNS/DHCP (Mid-range
(Mid-range NT
NT Servers—Raid
Servers—Raid Disks,
Disks, 256
256 MB
MB RAM)
RAM)
Distribute
Distribute Secondary
Secondary and
and Caching
Caching DNS
DNS Servers
Servers Throughout
Throughout Network
Network
100 Option
Option 1:
1: Cisco
Cisco IOS
IOS DHCP
DHCP Server
Server on
on Any
Any Platform
Platform 1600,
1600, 2500,
2500, 3600,
3600, Etc.
Etc.
Provide
Provide DNS
DNS Service
Service Remotely
Remotely Across
Across WAN
WAN
Option
Option 2:
2: CNR
CNR on
on aa Small
Small Windows
Windows NT
NT System
System to
to Provide
Provide DNS
DNS && DHCP
DHCP
Performance Factors
Number of Nodes, Number of Queries, DHCP Lease Time, and Disk I/O Performance
806
Example Network Designs
806
Large Campus
Corporate
• Large campus networks require
high-performance, redundant DNS Data Center
and DHCP servers to support Primary
multiple 10,000s of nodes
DNS
• The server functions need to be Server
split across multiple servers in
a cluster
• Build a cluster with at least three
servers, one primary DNS and two
redundant DHCP servers. An
additional DNS server can used to
provide secondary DNS service
DHCP DHCP
• DNS servers need high Server 1 Server 1
performance disk I/O (preferably a
RAID system) to keep up with
dynamic DNS updates
Secondary
• Each major location around the DNS
world—U.S., Europe and Asia Server
needs a cluster
806
Large Branch Offices
• Organizations with a large Primary DNS Secondary

number of remote branch
offices with a UNIX or NT Server for DNS
server at each remote site. Company Zone Server
Typically 20-200 nodes/site Bigco.Com
• At each of the remote sites, Corporate Headquarters
an organization should
deploy at least one DNS and
DHCP server, two for
redundancy. The redundant
DHCP server could be at HQ Corporate
• Each location could have a WAN
separate domain for the site
and a primary DNS server at DNS and
the location. This depends DHCP Servers
on the WAN bandwidth
• This configuration survives
WAN outages DNS and Store
Store Number:
Number: 1007
1007
DNS and Zone:
Zone: st1007.bigco.com
st1007.bigco.com
DHCP Servers
DHCP Servers
806
Small Branch Offices
• Organization has a large
number of remote sites and
less than 20 nodes per site. Primary DNS Redundant
Remote sites should have Server for DHCP
dial-backup connections for Store Zones Servers
redundancy. DHCP/Bootp
relay is enabled on router
Corporate Headquarters
• At HQ deploy cluster of
redundant DNS and DHCP DHCP/Bootp Relay
servers to provide service
to remote sites (aka IP Helper)
• Each location could have a Corporate
separate domain. Primary WAN
DNS server for each remote
DNS and
site zone is in HQ. If
available, run a secondary DHCP Servers
DNS server in the remote
site for the remote site zone
using IXFR and NOTIFY Secondary Store
Store Number:
Number: 1007
1007
DNS Zone:
Zone: st1007.bigco.com
st1007.bigco.com
Server
806
Small Office/Home Office
• SOHO users can connect to the

corporate network using ISDN,
DSL or Frame Relay
• Use the Cisco IOS DHCP server
Corporate
to provide addresses for WAN
devices in the SOHO. Use a
private, unregistered
network number
Cisco Cisco IOS
• Use Port Address Translation DHCP Serve Port
to converse IP addresses Address Translation
• Provide DNS services from

the corporate network
806
Provisioning IP Phones
10.0.100.15 10.0.100.21 IF MAC Address = Phone Mac Address

Then
CNR IP Address = 10.0.100.X
DHCP Else
Server IP Address = 161.44.12.X
DHCP Extension
Point Script
Primary IP address = 161.44.12.1

161.44.12.45 161.44.12.53 Secondary IP address = 10.0.100.1
• Deployment of IP phones will require a large number of new IP addresses
• Private network numbers (RFC 1918) should be used for IP phones
• Cisco Network Registrar is able to distinguish between PCs and IP phones
using a DHCP extension point script
• DHCP server distributes additional configuration information to IP phones
806
Custom Application
User Registration
• Boston College (BC)
EagleNet activation
• Users must “activate”
Minimal documentation
Enter name and BC PIN
Activation
• Four activated classes
Web Page Other BC
Student, staff Network
Guest, device Resources
• Existing DB updated
User name/MAC
• Help desk load User DB
60% fewer calls
806
Cisco IOS DHCP
Server Configuration
! Start DHCP Server
service dhcp
!
! Store DHCP Lease database on tftp server
ip dhcp database tftp://tftp.cisco.com/dhcp. db
!
!
! Create DHCP address pool for the 10.0.0.0/28 network
ip dhcp pool subnet-10
lease 3 0 0 <-- lease time of 3 days 0 hours 0 minutes
network 10.0.0.0 255.255.255.240 <-- Defines address pool with addresses 10.0.0.1 - 10.0.0.14
dns-server 171.68.10.70 171.68.10.140
domain-name cisco.com
netbios-name-server 171.68.235.228 171.68.235.229
netbios-node-type h-node
option 150 ip 172.16.24.12 <-- Defines custom option with IP address
default-router 10.0.0.1
!
! Create static mapping for the 10.0.0.5 address - i.e. BootP
ip dhcp pool manual
host 10.0.0.5
client-identifier 010a.1211.2e3c.4a
!
! Exclude 10.0.0.1 - 10.0.0.5 from DHCP pool
ip dhcp excluded-address 10.0.0.1 10.0.0.5
806
Product Update
806
Cisco Network Registrar 3.0
• Reliable and scalable services

DHCP Safe Failover
DDNS, IXFR and notify
Multithreaded servers
SNMP traps
Web reporting tool
Solaris, NT, HP-UX and AIX
• Flexible integration
LDAP integration
CLI and API
• Policy networking
Client class
LDAP integration
806
Reliable and Scalable Services
Secondary
DNS Server
Web- DHCP Primary
Server DHCP DNS
Based Server
Server
Reports
WAN
Network BootP
Management Client
DHCP
Station Secondary
Client
DNS Server
• Redundant DHCP and DNS services
• Integration with Network Management Systems
• Web-based reporting tools
806
• High-performance, multithreaded servers
Integrating CNR with Existing
Management Applications
LDAP Client
DNS DNS CLI

Server Server
DHCP
Extensions
Custom
CNR GUI Internal DB
Applications
• Build custom network management and

provisioning applications using the CLI
• Custom DHCP processing using the
DHCP extension points
Custom
• Build custom web UI using CLI and Perl Extension
806
CiscoAssure Policy Networking

Address Ranges
Directory and Classes
• QoS and security QPM Java User
Console LDAP
policies enforced Groups
in the network Network Registrar
LDAP
Back End Distributed
• Polices based on
CORBA COPS Policy
applications Servers
• Policies based on COPS SNMP CLI
IP
IP Precedence,
Precedence, RSVP
RSVP
users and groups Application
Application Recognition
Recognition
• Integrated with
directory services
Router Multilayer Multiservice
• Integrate third Client Switch Switch
party applications Application
Application Signaling
Server
806
Directory-Based Management
of Names and Addresses
in
Coming
rly CY 2000
Ea
IPAM
Web App
DNS
DNS
DHCP DNS DNS DHCP
Server DHCP DHCP Server
Server Server
• Manage DNS names and IP addresses

• Multiple, simultaneous administrators
• Access control by zone and subnet
806
Cisco IOS DHCP Server
• Available in Cisco IOS 12.0(1)T or greater

• DHCP/Bootp server
Intelligent DHCP relay
Secondary addresses
PING before lease and custom options
• Caveats
DHCP lease information stored on remote
system using TFTP, FTP or RCP
No dynamic DNS or DHCP Failover
806
Summary
Secondary
DNS Server
DHCP Primary
Custom Server DHCP DNS
Server Server
Extension
BootP WAN
IP Phone
DHCP with DHCP Client
Client Secondary DNS Server
• Large networks require reliable and sophisticated DNS
and DHCP services
• Cisco has software to meet the DNS/DHCP requirements
for large networks
• Cisco is developing directory-based tools for managing
806 IP addresses and DNS/DHCP
Resources and
References
806
Cisco Information
• Cisco Network Registrar

http://www.cisco.com/go/cnr
30-day evaluation software
Data sheets, design guides,
and documentation
• Cisco IOS DHCP server documentation

http://www.cisco.com/univercd/cc/td/doc/product/
software/ios120/120newft/120t/120t1/easyip2.htm
806
Books
• DNS and BIND, 3rd Edition

By Cricket Liu and Paul Albitz, O’Reilly and Assoc.
• DHCP, A Guide to Dynamic TCP/IP Network Configuration
By Barry Kercheval, Prentice Hall
• LDAP, Programming Directory-Enabled Applications
with Lightweight Directory Access Protocol
By Timothy Howes, Ph.D. and Mark Smith, Macmillan
806
Web Sites
• Ralph Droms’ Web Site

http://www.dhcp.org
Ralph is the Chair of the IETF DHCP WG
• Internet Software Consortium
http://www.isc.org
Home of BIND and ISC DHCP Server
• John Wobus’ DHCP FAQ

http://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.html
806
Mailing Lists
DHCP Mailing Lists DNS Mailing Lists

dhcp-v4@bucknell.edu namedroppers@internic.net
dhcp-serve@bucknell.edu To subscribe to mailing lists,

send e-mail to:
dhcp-dns@bucknell.edu listserv@bucknell.edu or
dhcp-v6@bucknell.edu majordomo@internic.net
And put the following on the
Mailing list archive at first line of your message
ftp.bucknell.edu subscribe <listname> Your Name
subscribe dhcp-v4 Tim Sylvester
806
DHCP RFCs and Internet Drafts
• RFC 1534—Interoperation Between DHCP and BOOTP

• RFC 1542—Clarifications and Extensions for the Bootstrap Protocol
• RFC 2131—Dynamic Host Configuration Protocol
• RFC 2132—DHCP Options and BOOTP Vendor Extensions
• RFC 2241—DHCP Options for Novell Directory Services
• RFC 2489—Procedure for Defining New DHCP Options
• ID—Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
• ID—Interaction between DHCP and DNS
• ID—Authentication for DHCP Messages
• ID—Multicast Address Allocation Configuration Options
• ID—DHCP Failover Protocol
• ID—Security Requirements for the DHCP protocol
• ID—Dynamic Host Configuration Protocol (DHCP) Server MIB
806
DNS RFC and Internet Drafts

• RFC1035—Domain Names—Implementation and Specification
• RFC 1996—A Mechanism for Prompt Notification of Zone Changes
(DNS NOTIFY)
• RFC 1995—Incremental Zone Transfer in DNS
• RFC 2136—Dynamic Updates in the Domain Name System (DNS
UPDATE)
• RFC 2181—Clarifications to the DNS Specification
• RFC 2182—Selection and Operation of Secondary DNS Servers
• RFC 2308—Negative Caching of DNS Queries (DNS NCACHE)
• RFC 2317—Classless IN-ADDR.ARPA delegation (RFC 2317)
• ID—Reserved Top Level DNS Names
• ID—Extensions to DNS (EDNS1)
• ID—Extension mechanisms for DNS (EDNS0)
• ID—Deferred Dynamic Domain Name System (DNS) Delete Operations
• ID—Simple Secure Domain Name System (DNS) Dynamic Update
806
Utilities
• NSLOOKUP
Command line DNS client for querying DNS servers
Available for UNIX and Windows NT
• DIG
Another command line DNS tool
• WINIPCFG
Admin UI for Windows 95/98 DHCP Client. Windows NT
version available on Windows NT Resource Kit
• Perl modules for DNS
Develop applications that talk to BIND
http://www.cpan.org
806
Please Complete Your

Evaluation Form
Session 806
806
806

(Ebook - PDF - Cisco Press) DNS, DHCP and IP Address Management

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

(Ebook - PDF - Cisco Press) DNS, DHCP and IP Address Management

Uploaded by

Copyright:

Available Formats

806

0963_05F9_c3 © 1999, Cisco Systems, Inc. 1

DNS, DHCP, and IP

Managing Names and Addresses

Firewall 2000 Directory

DNS and DHCP

How DNS Works

• Local server starts with .COM Name

Q. What Is the IP Address DNS Client Outside

• Secondary servers automatically

DNS servers liberally Old

How DHCP Works

OFFER packet with lease

REQUEST packet ACK

How DHCP Works

Your IP Address (YIADDR)

Server IP Address (SIADDR)

Gateway IP Address (GIADDR)

Client Hardware Address (CHADDR)—16 bytes

Server Name (SNAME)—64 bytes

• Server passes Common DHCP Options

What’s New in DNS and DHCP

• New DNS standards

DHCP Safe Failover Protocol

dedicated pool of addresses

• DHCP clients broadcasts Router with DHCP Relay

DHCP in a Switched Network

• Cisco IOS® allows DHCP Packet Router

• DHCP lacks built in security

Private Network Numbers

NAT, PAT, and Dynamic NAT

Internal Add. External Add. Translation Note

Translation Mapping How It Works

SA: 10.0.5.8 NAT Mappings SA: 171.68.10.5 161.44.8.9

• Directory Enabled Networks (DEN)

• Schemas for DHCP being developed

Example Network Designs

Large Branch Offices

• Organizations with a large Primary DNS Secondary

Small Office/Home Office

• SOHO users can connect to the

• Provide DNS services from

10.0.100.15 10.0.100.21 IF MAC Address = Phone Mac Address

Primary IP address = 161.44.12.1

• Reliable and scalable services

Reliable and Scalable Services

DNS DNS CLI

• Build custom network management and

CiscoAssure Policy Networking

• Manage DNS names and IP addresses

Cisco IOS DHCP Server

• Available in Cisco IOS 12.0(1)T or greater

• Cisco Network Registrar

• Cisco IOS DHCP server documentation

• DNS and BIND, 3rd Edition

• Ralph Droms’ Web Site

• John Wobus’ DHCP FAQ

DHCP Mailing Lists DNS Mailing Lists

dhcp-serve@bucknell.edu To subscribe to mailing lists,

• RFC 1534—Interoperation Between DHCP and BOOTP

DNS RFC and Internet Drafts

Please Complete Your

You might also like