In this blog post, we will cover the role of 2 important services – DHCP and DNS. The CCNA exam includes the following topics that we will explore in detail:
4.3 Explain the role of DHCP and DNS within the network
4.6 Configure and verify DHCP client and relay
Domain Name System
Domain Name System (DNS) is a naming protocol for hosts and services on the Internet. It is also a client-server application that maintains and provides access to DNS records. Many Internet services, such as web browsing and email delivery, rely on DNS service.
In addition to its role of naming hosts on the Internet, DNS is also often used by organizations to support their internal applications. For example, Microsoft Active Directory is a directory service that requires DNS to store its records. In such scenarios, the internal records are not exposed to the Internet.
Domains and FQDNs
Hosts are uniquely identified by their Fully Qualified Domain Name (FQDN). For example, server1.sales.fastreroute.com is a fully qualified domain name of a server. The name consists of 2 parts separated by a dot:
- Hostname portion, or server1
- Domain portion, or sales.fastreroute.com
The domain component is hierarchical, with the parent domains specified on the right side. In the example above, domain .com is a parent domain of fastreroute.com, which in turn is a parent domain of sales.fastreroute.com.
To understand domain hierarchy, a file system can be used as an analogy, in which folders are replaced with domains and files with hosts. Domains can contain sub-domains or hostnames, in the same way as a file-system folder can contain subfolders or files.
Name server functionality can be implemented as an operating system component, an application, or Software-As-A-Service (SAAS). For example, BIND is one of the most popular DNS servers on the Internet and is available on Unix-like operating systems. Windows platforms have a DNS server built-in into the server operating system.
Public cloud providers offer managed DNS service, for example, AWS offers Route53, which can provide advanced features beyond traditional DNS servers. Cisco routers can be configured to act as a DNS server too. We will provide an example of how to set it up in this blog post.
A name server can act as an authoritative server or name resolver, or both at the same time. The authoritative server role focuses on storing naming information in DNS zones. The resolver role is about providing requested information after receiving a query from a client. We will discuss these roles in detail in the next two sections.
Authoritative Name Servers and Zones
An authoritative name server stores a DNS zone for a specific domain subtree and doesn’t rely on querying other name servers for entries in this zone. A domain hierarchy defines a logical structure of a namespace, while zones are actual files or databases storing the DNS data.
The very top zone in the hierarchy of public DNS is called the root zone. It contains pointers on how to find information about domains such as .com, .net, and different country codes. These domains are called Top-Level Domains (TLDs).
The root zone is serviced by 13 groups of DNS servers, which are also called root hints. Each group contains geographically distributed servers that share the same anycast IP address and allocated a letter of the alphabet as hostname, in the root-server.net domain. The location of these servers on the world map can be checked here, scroll down to see members within each cluster, and their location.
When an organization registers a domain name, for example, fastreroute.com, the parent domain (.com) delegates administrative control over fastreroute.com and all domains under it to the organization. If no further delegation is done, then the zone fastreroute.com will store all entries in the domain and all subdomains under it.
Administrators of fastreroute.com can delegate control of a subdomain sales.fastreroute.com to the sales department. A different set of DNS servers can host the zone for sales.fastreroute.com and all subdomains under it, such as us.sales.fastreroute.com.
If we continue the analogy with the file system, delegation is similar to creating a link or shortcut that will redirect users to another file server. This server, in turn, can create shortcuts to other file servers and so on.
Name Resolvers and Query Types
Name resolution is the process of a DNS client sending a query and DNS server replying to it. The most commonly used type of request is to resolve hostnames to IP addresses. Some name servers can perform only name resolution functionality and do not host any zones, i.e. not being authoritative for any domain namespaces.
There are 2 modes that name resolvers can operate in – recursive and iterative. A recursive server can perform additional queries to another server if it doesn’t have the required information locally. Recursive name resolvers can also cache answers, so the subsequent queries can be serviced using a local cache. An iterative resolver, instead of doing all the queries on the client behalf, can return an address of another name server for the client to query directly.
DNS stores information in domain zones using several types of records. SOA record contains authoritative zone information, administrative contacts, and different timers. NS record contains pointers to authoritative DNS servers.
“A” record maps a hostname to an IPv4 address. AAAA record is the IPv6 version of A record. PTR record stores reversed A record, so one can resolve a hostname by using an IP address.
CNAME record keeps hostname to hostname mapping and also often called alias record. MX record is used to specify the SMTP mail server for a domain. TXT record stores a piece of text information.
Check this article on Wikipedia with the full list of DNS record types.
Cisco Routers and Switches as a DNS Client
Cisco devices can be configured as a DNS client. The device has multiple system services such as, Smart Licensing and NTP servers, that use hostnames and need to figure out the IP addresses. Hostname and domain name is also used to create RSA keys for services, such as the SSH server.
The following configuration commands configure DNS client functionality:
hostname edgerouter1 ip name-server 22.214.171.124 126.96.36.199 ip domain name fastreroute.com
In this example, the router will have FQDN of edgerouter1.fastreroute.com. It will use two Google’s name servers in the specified order and it will also append suffix fastreroute.com if only a hostname is specified in various commands.
To display name server information, validate cache and enable debugging, use the following 3 commands:
show ip dns servers show hosts debug ip domain
Cisco Routers and Switches as DNS Server
It is possible to configure Cisco routers to provide DNS server functionality. To enable it use the following command:
ip dns server
By default, the server will use name servers configured on the router, as shown in the earlier example, to perform query forwarding. It is possible to create conditional forwarding patterns useful when you might want to use internal DNS servers for some queries and ISP’s DNS servers for Internet access at the remote branch. The configuration guide on the Cisco website provides more information for such a configuration.
It is also possible to create static entries that can be useful for different testing scenarios:
ip host test.local.lab 188.8.131.52
In this example, the router will reply with the IP address of 184.108.40.206 to clients that are trying to resolve “test.local.lab” via the Cisco router.
Dynamic Host Configuration Protocol (DHCP)
A host needs an IP address to communicate on the network. An address can be assigned to a device via manual configuration or dynamic assignment. Administrators manually configure IP addresses on servers and network devices that expect static IP addresses. DHCP server dynamically assigns IP addresses to workstations and client devices, as they don’t expect inbound connections and manual configuration would be time-consuming and unpractical.
DHCP Client-Server Communication
When a DHCP client starts up, it broadcasts a discover message looking for a DHCP server. As the client doesn’t have an IP address during bootstrap, all communications described below use broadcasts and can only communicate on the same broadcast domain (VLAN).
If any of the DHCP servers received a discover message from the client, they reply with an offer of IP address for the client to use. The client receives one or many replies, in which case it usually uses the first one, and sends a request back to the server confirming that it accepts offered IP address. Finally, the server sends an acknowledgment to the client to complete the address negotiation process.
This handshake uses 4 messages: DHCP Discover, DHCP Offer, DHCP Request, DHCP Ack. It can be memorized by using acronym DORA (Discover, Offer, Request, Acknowledgment).
DHCP Pools and Leases
An administrator creates a pool of IP addresses for the DHCP server to allocate individual addresses from. Addresses must be returned back to the pool after a period of time or a client must request a lease renewal.
Multiple settings, such as subnet mask, default gateway, DNS server and domain, and lease duration can be managed on a pool level. Cisco devices acting as DHCP servers use the pool configuration mode for subnets and individual IP address reservations.
DHCP lease or binding is created when a client has been allocated an IP address from a pool. The lease is provided for a specific time. The client will attempt to renew the lease at the predetermined periods prior to the lease expiration.
Printers often need to have the same IP address. Instead of configuring printers manually, an administrator can configure a DHCP server to reserve an IP address for a specific MAC address. Such a lease is called DHCP reservation.
DHCP Client Configuration on Cisco Devices
DHCP client configuration is usually done on Internet-facing interfaces.
interface GigabitEthernet0 ip address dhcp ip route 0.0.0.0 0.0.0.0 dhcp
The example above configures the GigabitEthernet0 interface to acquire its IP address dynamically via DHCP. The optional “ip route” command enables the use of the default gateway sent by the DHCP server.
DHCP Relay Configuration on Cisco Devices
As we discovered earlier, DHCP is based on broadcast communications. As broadcasts are contained within a subnet boundary, clients must be placed into the same subnet as the DHCP server or DHCP server must have multiple interfaces to be placed into every subnet. Both scenarios are not optimal and don’t scale well.
To address this DHCP relay can be configured on a switch. DHCP relay listens for DHCP messages on the interfaces where it is enabled. If a relay sees a broadcast, it processes the message and then sends it as a unicast directly to the DHCP server. Further communications flow via DHCP relay, which also encodes source IP address of the interface where the query from the client was received, so the DHCP server knows from which address pool to allocate the address.
DHCP relay or often called “ip helper”, is configured using the following commands:
interface Vlan100 ip helper-address 192.168.1.10
In this example, the DHCP broadcasts received from clients in VLAN 100 will be forwarded to the DHCP server with an IP address of 192.168.1.10.
DHCP Server Configuration on Cisco Devices
In SOHO networks, no traditional servers may be available to perform the DHCP server role. In these scenarios, a router can be configured as a DHCP server. The configuration consists of defining a DHCP pool with its settings and excluding certain IP addresses from allocation.
The configuration commands to create a network pool:
ip dhcp excluded-address 192.168.10.1 220.127.116.11 ip dhcp pool VLAN-10 network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server 192.168.10.1
To create a reservation for a device, its MAC address needs to be specified:
ip dhcp pool PRINTER-01 host 192.168.10.9 255.255.255.0 client-identifier abcd.efab.cdef default-router 192.168.10.1 dns-server 192.168.10.1
To validate assigned IP addresses and see debug messages:
show ip dhcp binding debug ip dhcp server packets debug ip dhcp server events
Check other articles on our website.