S3SS10N Wednesday – DNS Part 3


Published: December 14, 2016 | By: Kelly Handerhan | Views: 8355

This Week's S3SS10N Wednesday

The first two sessions on DNS covered foundational topics including name resolution, records, and the evolution of the DNS system. In Part 3 of this Session Wednesday series, Kelly takes us on a deeper dive into the implementation and organizational structure of DNS.

Some basic terms are introduced first. A zone is an area of a namespace for which a DNS server is authoritative. In other words, the zone holds the data for that particular area and can be regarded as the “expert” or authority on it. Zones are set up on DNS servers. An example would be a DNS server that is authoritative for the Cybrary.com domain.

There are several options for configuring zones on a DNS server, ranging from simple to complex. In the Cybrary.com example, a single zone could handle the entire namespace, which could potentially include all sub-domains such as east.cybrary.com and west.cybrary.com.

An important rule regarding namespaces is that they must be contiguous: there can be no gaps between zones within a namespace. The decision to use one big zone to handle an entire namespace versus splitting up the namespace into separate zones residing on multiple DNS servers depends on network structure and load handling. Better performance can sometimes be achieved by splitting up a namespace into separate zones.

The concept of zone delegation is introduced next. When a DNS server receives a request for a zone outside its scope of authority, it must perform what is known as zone delegation. A server can either delegate down or up. In the case of a client request, such as one from an end user on a PC, the delegation flows downward. A namespace record with a pointer is used to find the DNS server that is authoritative for the requested zone.

DNS forwarding is a request sent from one DNS server to another. The request is delegated up in a child/parent relationship. Such forwarding can also occur in a side-to-side direction on a conditional basis, but this is typically avoided since it’s cumbersome. External name resolution for a domain outside of a server’s namespace is directed to the client’s ISP. An example would be a request for Yahoo.com sent to the Cybrary.com DNS server. More efficient lookups can be achieved by leveraging the cache of the ISP’s DNS server.
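
The three paths described above (an authoritative answer, delegation down to a sub-domain's zone, and forwarding up to the ISP's caching resolver) can be modelled in a few lines. This is an added Python example, not material from the original session; the class names, server names and addresses are assumptions made for illustration, with addresses taken from documentation ranges.

```python
# Added illustration: a toy model of delegation (down) and forwarding (up).
# All server names, hosts and addresses are constructed sample data.

def in_zone(qname, zone):
    """True if qname is the zone apex or sits beneath it on a label boundary."""
    return qname == zone or qname.endswith("." + zone)

class IspResolver:
    """Stands in for the ISP's caching resolver (hypothetical)."""
    def __init__(self, name, internet):
        self.name, self.internet = name, internet
        self.cache, self.upstream_lookups = {}, 0

    def resolve(self, qname, trail=()):
        trail = trail + (self.name,)
        if qname not in self.cache:            # cache miss: do the real lookup
            self.upstream_lookups += 1
            self.cache[qname] = self.internet.get(qname)
        return self.cache[qname], trail

class ZoneServer:
    """A server authoritative for exactly one zone."""
    def __init__(self, name, zone, records, delegations=None, forwarder=None):
        self.name, self.zone, self.records = name, zone, records
        self.delegations = delegations or {}   # child zone -> ZoneServer
        self.forwarder = forwarder             # where out-of-namespace queries go

    def resolve(self, qname, trail=()):
        qname = qname.lower().rstrip(".")      # DNS names are case-insensitive
        trail = trail + (self.name,)
        if not in_zone(qname, self.zone):      # outside our namespace: forward up
            if self.forwarder is None:
                return None, trail
            return self.forwarder.resolve(qname, trail)
        for child, server in self.delegations.items():
            if in_zone(qname, child):          # delegated sub-domain: hand down
                return server.resolve(qname, trail)
        return self.records.get(qname), trail  # authoritative answer, or no such name

isp = IspResolver("isp-resolver", {"yahoo.com": "198.51.100.7"})
east = ZoneServer("ns-east", "east.cybrary.com", {"app.east.cybrary.com": "192.0.2.20"})
parent = ZoneServer("ns-cybrary", "cybrary.com", {"www.cybrary.com": "192.0.2.10"},
                    delegations={"east.cybrary.com": east}, forwarder=isp)

if __name__ == "__main__":
    for q in ("www.cybrary.com", "app.east.cybrary.com", "Yahoo.com", "yahoo.com"):
        print(q, "->", parent.resolve(q))
    print("ISP upstream lookups:", isp.upstream_lookups)
```

Each call returns the answer together with the servers that handled the query, so the second Yahoo.com lookup shows the same path but is served from the ISP's cache. The suffix match in `in_zone` requires a leading dot, so a look-alike such as notcybrary.com is treated as external rather than as part of the cybrary.com zone.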


About This S3SS10N Wednesday's Contributor

Kelly Handerhan
Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relatable and understandable way.
  1. Great condensed information package.
    You're always on point, and deliver facts in an understandable way.
    I hope you keep going here.
    Thanks for your time.

  2. I really like and appreciate these quick, down and dirty recaps. They are incredibly helpful when I have not dealt with a topic in some time. THANK YOU

  3. Now I understand how that humongous DDoS happened recently. Thanks Kelly!
