Network+ 10-009 Objective 3.4: Implement IPv4 and IPv6 Network Services

Reservation Benefits:

• Static Assignment: Guaranteed IP address for specific devices
• MAC Address Binding: Ties IP address to device MAC address
• Consistent Addressing: Same IP address every time device connects
• Server Configuration: Servers and network devices need static IPs
• Security Policies: Firewall rules based on specific IP addresses
• Remote Access: VPN and remote access configurations

Reservation Configuration:

• MAC Address Collection: Obtain device MAC addresses
• IP Address Assignment: Assign specific IP addresses
• Scope Configuration: Configure within appropriate scope
• Documentation: Document reservation purposes
• Testing: Verify reservation functionality
• Maintenance: Regular review and updates

Scope Characteristics:

• IP Address Range: Defines available IP addresses
• Subnet Mask: Network and host portion definition
• Default Gateway: Router IP address for the subnet
• DNS Servers: DNS server IP addresses
• Lease Duration: How long addresses are assigned
• Options: Additional configuration parameters

Scope Planning:

• Address Space: Plan sufficient address space
• Growth Planning: Account for future growth
• Reservation Space: Reserve addresses for static assignments
• Exclusion Ranges: Exclude addresses from dynamic assignment
• Network Segmentation: Separate scopes for different subnets
• Redundancy: Multiple DHCP servers for reliability

Lease Time Considerations:

• Short Leases: 1-8 hours for dynamic environments
• Medium Leases: 1-7 days for typical office environments
• Long Leases: 30+ days for stable environments
• Mobile Devices: Shorter leases for mobile devices
• Server Environments: Longer leases for stable servers
• Guest Networks: Very short leases for guest access

Lease Time Factors:

• Network Stability: Stable networks can use longer leases
• Address Scarcity: Short leases when addresses are limited
• DHCP Server Load: Longer leases reduce server load
• Network Changes: Shorter leases for frequently changing networks
• Security Requirements: Shorter leases for security
• Performance Impact: Balance between efficiency and flexibility

Common DHCP Options:

• Option 3: Default Gateway (Router)
• Option 6: DNS Servers
• Option 15: Domain Name
• Option 44: WINS Servers
• Option 46: WINS Node Type
• Option 51: Lease Time
• Option 66: TFTP Server Name
• Option 67: Boot File Name

DHCP Relay Benefits:

• Centralized DHCP: Single DHCP server for multiple subnets
• Reduced Infrastructure: Fewer DHCP servers needed
• Centralized Management: Single point of DHCP management
• Cost Savings: Reduced hardware and licensing costs
• Consistent Configuration: Uniform DHCP configuration
• Easier Troubleshooting: Centralized logging and monitoring

Relay Configuration:

• Router Configuration: Configure IP helper addresses
• Server Configuration: Configure DHCP server for relay
• Scope Configuration: Create scopes for each subnet
• Testing: Verify relay functionality
• Monitoring: Monitor relay performance
• Redundancy: Configure multiple relay servers

Exclusion Use Cases:

• Static IP Addresses: Exclude addresses used for static assignment
• Network Equipment: Exclude router and switch addresses
• Server Addresses: Exclude server IP addresses
• Reserved Addresses: Exclude addresses for future use
• Problem Addresses: Exclude addresses with issues
• Special Services: Exclude addresses for special services

SLAAC Characteristics:

• IPv6 Only: Used exclusively in IPv6 networks
• Automatic Configuration: No manual configuration required
• Router Advertisement: Uses ICMPv6 Router Advertisement messages
• EUI-64 Interface ID: Generates interface identifier from MAC address
• Privacy Extensions: Optional random interface identifiers
• No DHCP Required: Works without DHCP server

SLAAC Process:

• Router Discovery: Host discovers local routers
• Prefix Learning: Learns network prefix from router
• Interface ID Generation: Generates unique interface identifier
• Address Formation: Combines prefix and interface ID
• Duplicate Detection: Checks for address conflicts
• Address Assignment: Assigns address to interface

DNSSEC Benefits:

• Data Integrity: Ensures DNS data hasn't been modified
• Authentication: Verifies DNS data authenticity
• Non-Repudiation: Prevents denial of DNS responses
• Chain of Trust: Cryptographic chain from root to leaf
• Public Key Cryptography: Uses digital signatures
• Backward Compatibility: Works with existing DNS infrastructure

DNSSEC Components:

• RRSIG Records: Resource record signatures
• DNSKEY Records: Public key records
• DS Records: Delegation signer records
• NSEC Records: Next secure records
• NSEC3 Records: Hashed authenticated denial
• Key Management: Key generation and rollover

DoH Characteristics:

• HTTPS Transport: DNS queries over HTTPS
• Port 443: Uses standard HTTPS port
• Encryption: End-to-end encryption of DNS queries
• Privacy Protection: Hides DNS queries from network operators
• Firewall Friendly: Appears as regular HTTPS traffic
• Browser Integration: Built into modern browsers

DoT Characteristics:

• TLS Transport: DNS queries over TLS
• Port 853: Dedicated port for DNS over TLS
• Encryption: TLS encryption of DNS queries
• Server Authentication: Verifies DNS server identity
• Network Visibility: Can be detected and blocked
• System Integration: OS-level DNS over TLS support

Address (A) Records:

• IPv4 Mapping: Maps hostname to IPv4 address
• Forward Resolution: Name to IP address lookup
• Most Common: Most frequently used DNS record
• TTL Value: Time-to-live for caching
• Multiple Records: Multiple A records for load balancing
• Wildcard Records: Catch-all A records

AAAA Records:

• IPv6 Mapping: Maps hostname to IPv6 address
• IPv6 Support: Essential for IPv6 name resolution
• Dual Stack: Can coexist with A records
• Longer Addresses: 128-bit IPv6 addresses
• Preference: IPv6 preference in dual-stack environments
• Future Proofing: Preparing for IPv6 adoption

Canonical Name (CNAME) Records:

• Alias Creation: Creates aliases for existing names
• Single Point of Control: Change IP by updating A record
• Service Aliases: Common for web and email services
• No Other Records: CNAME cannot coexist with other records
• Chain Limitation: Cannot point to another CNAME
• Performance Impact: Additional DNS lookup required

Mail Exchange (MX) Records:

• Email Routing: Directs email to mail servers
• Priority Values: Lower numbers = higher priority
• Multiple Servers: Backup mail servers
• Domain Level: Must be at domain level, not subdomain
• Load Balancing: Distribute email load
• Fallback Servers: Secondary mail servers

Text (TXT) Records:

• Arbitrary Text: Can contain any text data
• SPF Records: Sender Policy Framework for email
• DKIM Records: DomainKeys Identified Mail
• DMARC Records: Domain-based Message Authentication
• Verification: Domain ownership verification
• Multiple Values: Can have multiple TXT records

Nameserver (NS) Records:

• Delegation: Delegates subdomain to other nameservers
• Authority Transfer: Transfers authority for domain
• Multiple Servers: Primary and secondary nameservers
• Glue Records: A records for nameserver addresses
• Zone Authority: Defines authoritative nameservers
• Redundancy: Multiple NS records for reliability

Pointer (PTR) Records:

• Reverse DNS: Maps IP address to hostname
• Reverse Lookup: IP to name resolution
• Email Verification: Used for email server verification
• Security Applications: Used in security logging
• Separate Zones: Requires separate reverse zones
• PTR Chain: Can point to CNAME records

Forward Zones:

• Name to IP: Resolves names to IP addresses
• Most Common: Standard DNS resolution
• Client Queries: What users typically request
• Web Browsing: Used for web site access
• Email Delivery: Used for email routing
• Service Discovery: Finding network services

Reverse Zones:

• IP to Name: Resolves IP addresses to names
• PTR Records: Contains pointer records
• Security Logging: Used in security applications
• Email Verification: Verifies email server legitimacy
• Network Troubleshooting: Helps identify devices
• Compliance: Required for some compliance standards

Authoritative Servers:

• Source of Truth: Official source for domain information
• Zone Authority: Has authority over specific zones
• Direct Answers: Provides direct answers from zone data
• No Caching: Answers from authoritative data
• Zone Transfers: Can perform zone transfers
• Primary/Secondary: Can be primary or secondary servers

Non-Authoritative Servers:

• Cached Answers: Provides cached responses
• Recursive Resolution: Performs recursive lookups
• Client Servers: Typically used by clients
• Performance: Faster response from cache
• TTL Respect: Respects TTL values from authoritative servers
• Fallback: Falls back to authoritative servers when needed

Primary Servers:

• Master Copy: Holds the master copy of zone data
• Zone Updates: Where zone changes are made
• Zone Transfers: Provides zone data to secondary servers
• Single Point: Single point of zone management
• Backup Critical: Requires regular backups
• High Availability: Should be highly available

Secondary Servers:

• Read-Only Copy: Holds read-only copy of zone data
• Zone Transfers: Receives zone data from primary
• Redundancy: Provides redundancy for primary server
• Load Distribution: Distributes DNS query load
• Geographic Distribution: Can be in different locations
• Automatic Updates: Automatically updates from primary

Recursive Resolution:

• Client Service: Serves DNS clients
• Iterative Queries: Performs iterative queries to authoritative servers
• Caching: Caches responses for performance
• Root Hints: Knows root server addresses
• Performance: Optimized for client response time
• Security: Can implement security filtering

Hosts File Characteristics:

• Local Resolution: Local name resolution without DNS
• Static Entries: Manually configured name-to-IP mappings
• OS Specific: Location varies by operating system
• Priority: Higher priority than DNS resolution
• Testing: Useful for testing and development
• Blocking: Can block access to specific domains

NTP Characteristics:

• Stratum Levels: Hierarchical time synchronization
• UDP Port 123: Uses UDP for time synchronization
• Millisecond Accuracy: Typically accurate to milliseconds
• Widely Supported: Supported by most network devices
• Public Servers: Many public NTP servers available
• Redundancy: Supports multiple time sources

NTP Stratum Levels:

• Stratum 0: Atomic clocks and GPS receivers
• Stratum 1: Servers directly connected to stratum 0
• Stratum 2: Servers synchronized to stratum 1
• Stratum 3: Servers synchronized to stratum 2
• Stratum 15: Unsynchronized or invalid time
• Stratum 16: Not synchronized

PTP Characteristics:

• Microsecond Accuracy: Much more accurate than NTP
• IEEE 1588: IEEE standard for precision time
• Hardware Timestamping: Uses hardware for precise timing
• Industrial Applications: Used in industrial automation
• Financial Trading: Critical for high-frequency trading
• Media Production: Used in broadcast and media

PTP Components:

• Grandmaster Clock: Primary time source
• Boundary Clock: Intermediate clock in network
• Transparent Clock: Forwards PTP messages with delay correction
• Ordinary Clock: End device clock
• Master-Slave: Master provides time to slaves
• Best Master Clock: Automatic master selection

NTS Benefits:

• Authentication: Authenticates time servers
• Integrity Protection: Protects against time manipulation
• Replay Protection: Prevents replay attacks
• Key Management: Automatic key management
• Backward Compatibility: Works with existing NTP
• Standards Based: RFC 8915 standard

NTS Implementation:

• TLS Transport: Uses TLS for secure communication
• Cookie-Based Authentication: Uses cookies for authentication
• Key Exchange: Automatic key exchange process
• Server Discovery: Discovers NTS-capable servers
• Fallback Support: Falls back to regular NTP if needed
• Performance Impact: Minimal performance overhead