Chapter 20

Understanding DNS and DHCP

Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) are important services we cannot live without today. DNS makes it possible to use friendly names like www.ajsnetworking.com for our popular blog sites (shameless plug) instead of having to type hard-to-memorize IP addresses like 209.18.47.62.

DHCP is even more critical than DNS. This service ensures that all your connected devices automatically receive the IP address information they need (including the DNS server address) to communicate properly on the local network and beyond, to the Internet. That matters even more today, when so many devices need to connect: laptops, smartphones, tablets, TV streaming gadgets, smart lights, and the list goes on.

This chapter covers the following essential terms and components:

  • DNS

  • DNS lookups

  • Client DNS configurations

  • DHCP

  • DHCP server

  • DHCP relay

  • DHCP client

  • Other DHCP assigned parameters

Topic: Describe DNS lookup operation

CramSaver

If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!

1. What service resolves “friendly names” like www.certgym.com to IP addresses?

_________

2. Name two types of DNS records.

_________

_________

Answers

1. Domain Name System (DNS) resolves friendly names to IP addresses.

2. Common record types include:

  • Start of authority (SOA)

  • IP addresses (A and AAAA)

  • SMTP mail exchangers (MX)

  • Name servers (NS)

  • Pointers for reverse DNS lookups (PTR)

  • Domain name aliases (CNAME)

Imagine being able to communicate with devices on the Internet (or your company’s intranet) only by using the IP addresses of systems. The task would be nearly impossible because memorizing IP addresses for so many devices would be incredibly difficult. DNS prevents this nightmare.

DNS resolves a “friendly” name like www.pearsonvue.com to the IP address that devices truly need to reach that particular remote system. We use DNS every day, as you might guess. Notice that what I’ve just referred to as a “friendly name” is actually a domain name: a structured name made of three labels that are read from right to left, com (the top-level domain), pearsonvue (the domain registered under it), and www (a host or service within that domain).

The addresses that DNS names map to can be private RFC 1918 addresses inside your organization or public, globally routable IPv4 (or IPv6) addresses on the Internet. Internal, private DNS servers commonly forward the queries they cannot answer themselves to public DNS servers.

DNS delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over subdomains of their allocated namespaces to other name servers. This approach provides a fault-tolerant design and eliminates the need for everyone to rely on one single huge database.

Remember that DNS refers to this structure of naming (for example, www versus com in www.example.com) as well as the technical details of the protocol itself (for example, what messages are exchanged and how data is processed in the system).

Remember, DNS provides translation services between the domain name hierarchy and the address spaces. A DNS name server is a server that stores the DNS records for a domain; a DNS name server responds with answers to queries against its database.

The most common types of records stored in the DNS database are as follows:

  • Start of authority (SOA)

  • IP addresses (A and AAAA)

  • SMTP mail exchangers (MX)

  • Name servers (NS)

  • Pointers for reverse DNS lookups (PTR)

  • Domain name aliases (CNAME)

DNS databases are traditionally stored in structured files called zone files. These zone files contain the records that are the lifeblood of DNS.
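To make the lookup and the record types concrete, here is a small DNS wire-format encoder and decoder in Python. It is an added example, not code from the book: it builds the query a stub resolver sends for an A record, then parses a response containing a CNAME chain followed by an A record, which is exactly what nslookup later displays as Aliases and Addresses. The response is constructed inside the script (example.com and example.net names and a 192.0.2.0/24 documentation address), so nothing leaves the machine, and its aa flag is left clear to mirror the "Non-authoritative answer" a caching resolver returns.

```python
"""Minimal DNS wire-format encoder and decoder (RFC 1035), added as an example
that is not part of the book.  It builds the query a resolver sends for an A
record and parses a response carrying a CNAME chain followed by an A record,
the "Aliases" and "Addresses" that nslookup prints.  The response bytes are
constructed inline (example.com/example.net names, a 192.0.2.0/24 address)."""
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}
QTYPE = {v: k for k, v in TYPES.items()}


def encode_name(name):
    """Dotted name -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels are 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """Header (RD set, one question) followed by the question section."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset just past its first form)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                               # refuse pointer loops in hostile packets
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(data):
    """Return (header fields, [(owner, type, ttl, value), ...]) for the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    header = {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
              "rcode": flags & 0xF}
    off = 12
    for _ in range(qd):                                 # skip the echoed question
        _, off = decode_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(data, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        if rtype == 1:
            value = socket.inet_ntop(socket.AF_INET, rdata)
        elif rtype == 28:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype in (2, 5, 12):                       # NS, CNAME, PTR carry a name
            value = decode_name(data, off)[0]
        elif rtype == 15:                               # MX: preference then a name
            value = "%d %s" % (struct.unpack("!H", rdata[:2])[0], decode_name(data, off + 2)[0])
        else:
            value = rdata.hex()
        answers.append((owner, TYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return header, answers


def build_sample_response(query):
    """Constructed non-authoritative reply: CNAME to a CDN name, then that name's A record."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)   # QR, RD, RA set; aa clear; rcode 0
    target = encode_name("cdn.example.net")
    rr1 = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(target)) + target   # owner -> offset 12
    target_off = 12 + len(question) + 2 + 10            # where the CNAME target sits in rr1
    rr2 = struct.pack("!H", 0xC000 | target_off) + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10")
    return header + question + rr1 + rr2


def lookup_demo():
    """Query www.example.com and feed the constructed reply through the parser."""
    query = build_query("www.example.com")
    return parse_response(build_sample_response(query))
```

Call lookup_demo() to see the two answers: the CNAME owner is the name you asked for, and the A record's owner is the alias target, the same chain nslookup prints. The decoder also handles NS, PTR, MX and AAAA rdata, and it refuses compression-pointer loops, a malformed-packet case that anything parsing untrusted DNS should handle.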

CramQuiz

1. Which statement about DNS is false?

A. DNS operates thanks to one central master database.

B. DNS resolves domain names to IP addresses.

C. DNS uses many types of records to do its job.

D. Multiple DNS servers are typically available for a client.

2. What device is responsible for each DNS domain?

A. Master DNS

B. Authoritative name server

C. Zone file server

D. DNS client

CramQuiz Answers

1. A is correct. DNS creates a distributed database to prevent reliance on one central master database. Note the tricky nature of this question. Choice D is semi-true and semi-false. While it is true that multiple DNS servers are often available to clients, many clients are often configured with just one DNS server. In many (if not most) home networks, the home gateway also acts as the only DNS server available to all the home network’s devices; this is the case in Example 20.1, later in this chapter. At the same time, public DNS servers are available to all these same devices (Cloudflare’s 1.1.1.1, or Google’s 8.8.8.8, for example). So while the falsehood of the D choice hinges on the definitions of the words typically and available, and the statement could be interpreted as being conditionally either true or false, choice A is outright and unequivocally false, making it the best, and therefore right, choice.

2. B is correct. Each domain has an authoritative name server that helps manage the domain.

Topic: Troubleshoot client connectivity issues involving DNS

CramSaver

1. What Windows CLI command allows you to see the configured IP address information as well as the DNS server IP address?

_________

2. What Windows CLI tool allows you to learn information regarding a DNS lookup, including the DNS server name, address, non-authoritative response, and resolved addresses and aliases?

_________

3. What command specifies one or more DNS servers for a Cisco device to use?

_________

Answers

1. ipconfig /all

2. nslookup

3. ip name-server

Ensuring that your clients are properly configured to use DNS is important for full functionality on the Internet today.

On a Windows client system, you can check the DNS settings by using ipconfig, with the /all switch, as shown in Example 20.1.

Example 20.1 Examining DNS Settings on a Windows Client

C:\Users\terry>ipconfig /all

Windows IP Configuration

  Host Name . . . . . . . . . . . . : DESKTOP-ABC123
  Primary Dns Suffix . . . . . . .  :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : my-router.home

Ethernet adapter Ethernet:

  Connection-specific DNS Suffix .  : my-router.home
  Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
  Physical Address. . . . . . . . . : 84-8F-69-F5-5F-3D
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::bc5e:a448:8dcc:72ce%3 (Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.1.191(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Monday 3:33:08 AM
  Lease Expires . . . . . . . . . . : Friday 3:33:19 AM
  Default Gateway . . . . . . . . . : 192.168.1.1
  DHCP Server . . . . . . . . . . . : 192.168.1.1
  DHCPv6 IAID . . . . . . . . . . . : 59019113
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-72-89-C7-84-8F-69-F5-5F-3D
  DNS Servers . . . . . . . . . . . : 192.168.1.1
  NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\terry>

Notice from the output in Example 20.1 that this client will send DNS requests to 192.168.1.1, a private-use address inside the home network. The home router is not authoritative for anything; it learns the public DNS server addresses from the ISP automatically and forwards the client’s queries to them so that the public website names you want to visit can be resolved.

Figure 20.1 shows the actual configuration for this Windows client in the Control Panel graphical user interface. Notice that the DNS information of 192.168.1.1 is being learned by this client automatically using DHCP.


Figure 20.1 DNS Settings Inside Windows

How do you verify that the Windows client can reach the DNS server and resolve domain names to IP addresses? One approach is to ping a known and reachable web server, using the friendly name, as Example 20.2 demonstrates. Read the first line of the output carefully: the bracketed address after the name proves that the lookup succeeded before any ICMP echo was sent. If the name resolves but the replies time out, the problem is reachability or ICMP filtering, not DNS; if ping reports that it could not find the host, the lookup itself failed.

Example 20.2 Checking DNS Functionality by Using ping

C:\Users\terry>ping www.cisco.com

Pinging e144.dscb.akamaiedge.net [23.202.192.170] with 32 bytes of data:
Reply from 23.202.192.170: bytes=32 time=35ms TTL=54
Reply from 23.202.192.170: bytes=32 time=37ms TTL=54
Reply from 23.202.192.170: bytes=32 time=36ms TTL=54
Reply from 23.202.192.170: bytes=32 time=35ms TTL=54

Ping statistics for 23.202.192.170:
     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
     Minimum = 35ms, Maximum = 37ms, Average = 35ms

C:\Users\terry>

ExamAlert

As discussed later in this chapter, you can configure a Cisco router or switch as a DNS client. Do not ignore the Windows client information, however.

If you would like to receive even more information about the DNS lookup process, you can use the nslookup command. Example 20.3 demonstrates this powerful tool.

Example 20.3 Using nslookup to Verify DNS

C:\Users\terry>nslookup www.cisco.com
Server: ACME_Quantum_Gateway.my-router.home
Address: 192.168.1.1

Non-authoritative answer:
Name: e144.dscb.akamaiedge.net
Addresses: 2600:1408:10:18c::90
        2600:1408:10:181::90
        23.202.192.170
Aliases: www.cisco.com
         www.cisco.com.akadns.net
         wwwds.cisco.com.edgekey.net
         wwwds.cisco.com.edgekey.net.globalredir.akadns.net
C:\Users\terry>

Just as it can be convenient for a Windows client to use DNS, it can also be beneficial for Cisco routers and switches to use DNS. Table 20.1 lists some of the commands available on these devices.

Table 20.1 DNS-Related Commands on Cisco Devices

Cisco Command: Description

ip domain-lookup: Enables DNS-based hostname-to-address translation; it is enabled by default on Cisco devices. This command is the legacy form of ip domain lookup (without the hyphen). Because it is on by default, a mistyped command at the EXEC prompt is treated as a hostname and the device tries to resolve it, broadcasting the query to 255.255.255.255 when no name server is configured and holding the console while it waits. That is why lab configurations so often contain no ip domain lookup.

ip name-server: Specifies the address of one or more DNS servers (up to six) for the device to use for DNS resolution.

ip domain-name: Defines a default domain name that Cisco IOS Software appends to complete unqualified hostnames. An unqualified name is the leftmost part of the dotted hierarchical domain name. For example, www is the unqualified name of a web server, whereas www.cisco.com is the fully qualified hostname.

CramQuiz

1. What is a common Windows client setting for IPv4 DNS?

A. The use of only Google DNS public servers

B. To acquire DNS settings automatically via DHCP

C. To use the public IP address of the ISP’s router

D. To use a local loopback address

2. What command enables DNS-based hostname translations on a Cisco router and is enabled by default on many Cisco routers?

A. ip domain-name

B. ip name-server

C. ip domain-list

D. ip domain lookup

CramQuiz Answers

1. B is correct. A very common approach to DNS on Windows clients is to acquire this information dynamically.

2. D is correct. The ip domain lookup command enables DNS-based hostname resolution. This command is enabled by default.

Topic: Configure and verify DHCP on a router (excluding static reservations)

CramSaver

1. What is the default lease duration offered by an IOS DHCP server?

_________

2. Which feature allows a router to forward a client’s DHCP request to a remote DHCP server?

_________

Answers

1. The default lease duration is 1 day, which is 86,400 seconds.

2. The DHCP relay agent feature permits this.

Figure 20.2 shows a simple topology used in this section to configure a DHCP server using a Cisco router (R1) and to configure a Cisco router (R2) as a DHCP client.


Figure 20.2 The DHCP Server and Client Topology

Example 20.4 shows the configuration of R1, the DHCP server.

Example 20.4 The Configuration of the DHCP Server

R1#
R1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# interface fa0/0
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.10
R1(config)# ip dhcp pool CCNAEXAMCRAM
R1(dhcp-config)# default-router 10.1.1.1
R1(dhcp-config)# dns-server 8.8.8.8 1.1.1.1
R1(dhcp-config)# option 150 ip 10.10.10.2
R1(dhcp-config)# network 10.1.1.0 /24
R1(dhcp-config)# end
R1#

The commands in Example 20.4 that directly involve DHCP are as follows:

  • ip dhcp excluded-address 10.1.1.1 10.1.1.10: This command tells the DHCP server not to assign the addresses from 10.1.1.1 through 10.1.1.10 to DHCP clients. The router already knows not to offer the addresses configured on its own interfaces (10.1.1.1 on R1’s fa0/0 here), but the excluded-address command is the only way it can learn about other statically addressed devices on the subnet (routers, switches, printers, or file servers) and leave those addresses alone.

  • ip dhcp pool CCNAEXAMCRAM: This command creates a DHCP pool on R1. This pool of IP addresses will also contain the specific parameters to hand out to clients that lease addresses from the DHCP server.

  • default-router 10.1.1.1: This command assigns the default gateway to clients of this DHCP pool.

  • dns-server 8.8.8.8 1.1.1.1: This command sets a primary DNS server and a backup DNS server for the clients.

  • option 150 ip 10.10.10.2: This command provides clients with the IP address of a TFTP server.

  • network 10.1.1.0 /24: This command specifies the IP address assignments for the pool. Remember that we excluded a small portion of this network address space. As a result, we expect the first leased address to be 10.1.1.11/24.

ExamAlert

The network command used in DHCP configuration accepts a subnet mask or CIDR notation in its syntax.

Example 20.5 shows the configuration of a DHCP client function on a Cisco router.

Example 20.5 The Configuration of the DHCP Client

R2#
R2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# interface fa0/0
R2(config-if)# ip address dhcp
R2(config-if)# no shutdown
R2(config-if)# end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2#

Notice the very simple configuration in Example 20.5. The command ip address dhcp configures a DHCP client interface.

Next, let’s begin verification on the server. Example 20.6 shows the use of the show ip dhcp binding command to verify the server’s operation.

Example 20.6 Verifying the DHCP Server

R1#
R1# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address   Client-ID/         Lease expiration     Type
             Hardware address/
             User name
10.1.1.11    0063.6973.636f.2d63. 08:10 PM _______ Automatic
             6130.332e.3066.6330.
             2e30.3030.302d.4661.
             302f.30
R1#

ExamAlert

Notice that the default lease duration for Cisco DHCP servers is one day. To see any IP address conflicts in your Cisco DHCP environment, you can use the command show ip dhcp conflict.

Example 20.7 shows a simple verification on the client. The show ip interface brief command allows you to quickly view the DHCP learned address on Fa0/0.

Example 20.7 Verifying Dynamic Address Assignment on the DHCP Client

R2#
R2# show ip interface brief
Interface       IP-Address OK? Method Status                Protocol
FastEthernet0/0 10.1.1.11  YES DHCP   up                    up
FastEthernet1/0 unassigned YES unset  administratively down down
FastEthernet1/1 unassigned YES unset  administratively down down
R2#

What happens if your DHCP server is not on the same subnet as the clients that need it? One option is to configure a DHCP relay agent. This is a router that hears the DHCP broadcasts from clients and forwards them as unicasts to the appropriate DHCP server. It is very simple to configure this relay agent. Figure 20.3 and Example 20.8 show a sample topology and configuration. Note that the powerful ip helper-address dhcp-server-ip command gets the job done: the relay agent knows the address of the DHCP server, so it can forward local DHCP traffic to it. When it forwards a request, the relay records the address of the interface that received the broadcast in the giaddr field, and the server uses that address to choose a pool; the server therefore needs a pool whose network statement covers the relay interface’s subnet, and a route back to that subnet, or it will never answer. Note also that ip helper-address does not forward DHCP alone. By default it relays several UDP broadcast types (BOOTP/DHCP, TFTP, DNS, Time, NetBIOS name and datagram services, and TACACS), so use ip forward-protocol udp and no ip forward-protocol udp to trim that list to what you actually need.


Figure 20.3 The DHCP Relay Agent

Example 20.8 Configuring the DHCP Relay Agent

R2#
R2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# interface fa1/0
R2(config-if)# ip helper-address 10.1.1.3
R2(config-if)# end
R2#
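The pool and relay configurations in Examples 20.4 and 20.8 are easier to reason about when the server’s decision rules are written down. The following Python model is an added example, not Cisco’s code: it applies the excluded ranges, chooses a pool by the client’s subnet for a directly connected client or by the giaddr a relay inserts, hands out the lowest free address with a one-day lease, and encodes the DHCP options (subnet mask, router, DNS servers, lease, server identifier, option 150) as they appear on the wire. The client identifiers and the relayed client on 10.1.2.0/24 are constructed for the demonstration.

```python
"""Model of the IOS DHCP server rules used in Examples 20.4 and 20.8 (added
example, not Cisco code).  It reproduces the behaviour the chapter describes:
excluded ranges, pool selection by the client's subnet or by the relay's giaddr,
the one-day default lease, and the option encoding.  Client IDs are constructed."""
import ipaddress
from dataclasses import dataclass, field

DEFAULT_LEASE = 86_400                                  # IOS default lease: one day
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6      # option 53 message types


@dataclass
class Pool:
    name: str
    network: ipaddress.IPv4Network                      # network 10.1.1.0 /24
    default_router: str                                 # default-router
    dns_servers: list                                   # dns-server primary backup
    tftp_server: str = ""                               # option 150 ip
    lease: int = DEFAULT_LEASE


@dataclass
class Server:
    interfaces: set                                     # the router's own addresses
    pools: list
    excluded: list = field(default_factory=list)        # ip dhcp excluded-address ranges
    bindings: dict = field(default_factory=dict)        # leased ip -> client id

    def exclude(self, first, last):
        self.excluded.append((ipaddress.ip_address(first), ipaddress.ip_address(last)))

    def _usable(self, ip):
        return (ip not in self.interfaces and str(ip) not in self.bindings
                and not any(lo <= ip <= hi for lo, hi in self.excluded))

    def _select_pool(self, giaddr, ingress_subnet):
        # Relayed requests carry giaddr (the relay's interface); direct requests are
        # matched on the subnet of the interface they arrived on.  No pool: stay silent.
        key = ipaddress.ip_address(giaddr) if giaddr != "0.0.0.0" else None
        for pool in self.pools:
            match = key in pool.network if key is not None else pool.network == ingress_subnet
            if match:
                return pool
        return None

    def _options(self, msg_type, pool):
        server_id = next((str(a) for a in self.interfaces if a in pool.network),
                         str(min(self.interfaces)))
        opts = {53: msg_type, 54: server_id, 51: pool.lease, 1: str(pool.network.netmask),
                3: pool.default_router, 6: pool.dns_servers}
        if pool.tftp_server:
            opts[150] = pool.tftp_server
        return opts

    def handle(self, msg_type, client_id, giaddr="0.0.0.0", ingress_subnet=None, requested=None):
        """Return (reply type, address, options), or None when the server stays silent."""
        pool = self._select_pool(giaddr, ingress_subnet)
        if pool is None:
            return None
        if msg_type == DISCOVER:                        # offer the lowest free address
            for ip in pool.network.hosts():
                if self._usable(ip):
                    return OFFER, str(ip), self._options(OFFER, pool)
            return None                                 # pool exhausted
        if msg_type == REQUEST:
            ip = ipaddress.ip_address(requested)
            if ip in pool.network and (self._usable(ip) or self.bindings.get(str(ip)) == client_id):
                self.bindings[str(ip)] = client_id      # what `show ip dhcp binding` lists
                return ACK, str(ip), self._options(ACK, pool)
            return NAK, None, {53: NAK}
        return None


def encode_options(opts):
    """Options field on the wire: magic cookie, code/len/value triples, 0xFF end."""
    out = bytearray(b"\x63\x82\x53\x63")
    for code, value in opts.items():
        if code in (51, 53):                            # lease (4 bytes), message type (1)
            body = value.to_bytes(4 if code == 51 else 1, "big")
        else:                                           # one or more IPv4 addresses
            addrs = value if isinstance(value, list) else [value]
            body = b"".join(ipaddress.ip_address(a).packed for a in addrs)
        out += bytes([code, len(body)]) + body
    return bytes(out + b"\xff")


def demo():
    """R1 from Example 20.4 serving R2 directly, refusing a squatter, ignoring a relayed client."""
    lan = ipaddress.ip_network("10.1.1.0/24")
    r1 = Server(interfaces={ipaddress.ip_address("10.1.1.1")},
                pools=[Pool("CCNAEXAMCRAM", lan, "10.1.1.1", ["8.8.8.8", "1.1.1.1"], "10.10.10.2")])
    r1.exclude("10.1.1.1", "10.1.1.10")
    offer = r1.handle(DISCOVER, "r2-fa0/0", ingress_subnet=lan)
    ack = r1.handle(REQUEST, "r2-fa0/0", ingress_subnet=lan, requested=offer[1])
    nak = r1.handle(REQUEST, "pc2", ingress_subnet=lan, requested="10.1.1.11")
    # Relayed by `ip helper-address` from 10.1.2.0/24: giaddr matches no pool, so the
    # server never answers, the same symptom as a pool whose network statement is mistyped.
    relayed = r1.handle(DISCOVER, "pc1", giaddr="10.1.2.1")
    return offer, ack, nak, relayed
```

demo() returns the OFFER and ACK for R2 (10.1.1.11, the first address after the excluded range), a NAK for a second client that requests the address R2 already holds, and None for the relayed DISCOVER because no pool covers 10.1.2.0/24. Feeding the ACK’s options through encode_options shows the lease as option 51 holding 0x00015180 (86,400 seconds) and the TFTP server as option 150.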

CramQuiz

1. What command ensures that a DHCP server does not lease out addresses you have statically configured elsewhere?

A. no dhcp-server assign-address

B. no dhcp-lease address

C. ip dhcp no-lease address

D. ip dhcp excluded-address

2. What command configures a default gateway in a DHCP server pool?

A. ip default-gateway

B. ip default-router

C. ip domain-server

D. default-router

3. What command configures a Cisco device as a DHCP client?

A. ip address auto

B. ip address dhcp

C. ip address learn

D. ip address dynamic

CramQuiz Answers

1. D is correct. Use the ip dhcp excluded-address command to create a range of excluded addresses from a DHCP pool.

2. D is correct. Use the default-router command in the DHCP pool to set the default gateway address.

3. B is correct. ip address dhcp, used in interface configuration mode, sets the interface to act as a DHCP client.

Topic: Troubleshoot client- and router-based DHCP connectivity issues

CramSaver

1. Examine the following figure and the sample configurations. Why is the DHCP client failing to acquire IP address information?

(figure omitted)


R1#
R1# show running-config
Building configuration...
Current configuration : 1343 bytes
!
! Last configuration change at 08:30:24 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
...
!
!
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool CCNAEXAMCRAM
   network 10.1.2.0 255.255.255.0
   default-router 10.1.1.1
   dns-server 8.8.8.8 4.2.2.2
   option 150 ip 10.10.10.2
!

!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex half
!
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
...
R1#

R2#
R2# show running-config
Building configuration...

Current configuration : 1165 bytes
!
! Last configuration change at 08:49:30 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
...
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 ip address dhcp
 duplex half
!
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
...
R2#

_________

2. What command allows you to easily verify the lease assignments from the DHCP server?

_________

Answers

1. The subnet for lease assignments is incorrect for the DHCP server pool; the correct subnet should be configured with network 10.1.1.0/24 or network 10.1.1.0 255.255.255.0.

2. show ip dhcp binding

Many issues can prevent proper DHCP connectivity. Here are just some issues you should be aware of:

  • Errors in router or switch configurations

  • DHCP server configuration

  • DHCP relay agent configuration

  • DHCP server scope configuration or software defect

ExamAlert

Although many possible errors can be addressed on the CCNA 200-301 exam, watch out for server or client misconfigurations because these are the most common.

Four steps of the DHCP process must succeed for a successful DHCP lease:

  1. Discover from the client

  2. Offer from the server

  3. Request from the client

  4. Acknowledgment from the server

Remember the key verification commands for DHCP. show ip dhcp binding is critical for the server, and show ip interface brief works well for the client (show dhcp lease adds the lease timers and the server that granted it). When a client gets nothing at all, debug ip dhcp server events on the server shows whether a DISCOVER arrived and, if it did, why no pool matched.

CramQuiz

1. Examine the following configuration:


R1# show running-config
Building configuration...
Current configuration : 1312 bytes
!
! Last configuration change at 08:57:10 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
...
!
!
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool CCNAEXAMCRAM
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.1
   option 150 ip 10.10.10.2
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex half
!
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
...
R1#

DHCP clients in the 10.1.1.0/24 subnet are complaining that they cannot access Internet resources. What is the most likely issue?

A. The scope of addresses in the pool is not correct.

B. There is no lease duration set.

C. There are no DNS servers assigned to the clients.

D. The default gateway is incorrect.

2. What is the second of the four steps of the DHCP process?

A. Acknowledgment

B. Request

C. Offer

D. Discover

CramQuiz Answers

1. C is correct. This configuration is missing the assignment of DNS servers for the clients.

2. C is correct. The second step of the process is an offer.

Review Questions

1. What type of record is used in DNS for a mail server?

A. SOA

B. MX

C. NS

D. CNAME

2. Your junior network admin issues a ping to www.cisco.com, which is successful. What has been verified?

A. WINS

B. DNS

C. NTP

D. DHCP

3. What command sets the DHCP pool scope to 192.168.1.0/24?

A. scope 192.168.1.0/24

B. network 192.168.1.0 255.255.255.0

C. subnet 192.168.1.0/24

D. addresses 192.168.1.0

4. What command configures a DHCP relay agent?

A. ip dhcp relay-agent

B. ip dhcp relay-agent enable

C. ip forward-address

D. ip helper-address

Answers to Review Questions

1. B is correct. The MX record is for a mail server.

2. B is correct. DNS name resolution has been verified. For a client that receives its configuration via DHCP, the ping also verifies that the client received an IP address, the correct gateway, and DNS servers. But because it is possible to have all these settings statically configured, it is not possible to say that a ping to www.cisco.com will always verify proper DHCP operation. In some cases it might, but in others it may not. However, the ping will always verify DNS operation, making DNS the best answer.

3. B is correct. The network command sets this.

4. D is correct. To configure a relay agent, use ip helper-address.

Hands-On Lab Practice Assignment

Configure and Verify DHCP

To complete this Hands-On Lab Practice Assignment, download the assigned Packet Tracer file from the book’s companion website and perform the lab on your locally installed version of Packet Tracer. For instructions on how to download and use the Packet Tracer files, see “Packet Tracer Hands-On Lab Practice Assignments” in the Introduction of this book.

Additional Resources

A DNS Primer

https://danielmiessler.com/study/dns/

DHCP Explained - Step by Step Server Configuration

https://youtu.be/Dp2mFo3YSDY
