Advanced DHCP and DNS Deployments
7/22/2019 Advanced DHCP and DNS Deployments
1/119
BRKNMS-2640
Advanced DHCP and DNS
Deployments
Bernie Volz
-
7/22/2019 Advanced DHCP and DNS Deployments
2/119
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKNMS-2640
Introduction
This session describes the management of IP addresses and (host and domain) names. We explain the functionalities of DHCP and DNS and how they collaborate to produce the foundation of a name and address management system. The recent developments in both areas will be touched on as well. Finally, we enumerate best practices for achieving reliability and security of both services.
-
Non-Information
Silence your phone, pda, pager, mp3 player
At CiscoLive! your evaluation is extremely important
Please remember to wear your badge at all times
Please visit the World of Solutions
There is extra material in the appendix at the end of this presentation; the explanatory notes contain links to reference material; I tried to translate all acronyms
You can ask questions any time
-
Meet the Engineer
To make the most of your time at Networkers at Cisco Live 2011, schedule a Face-to-Face Meeting with top Cisco Engineers.
Designed to provide a "big picture" perspective as well as "in-depth" technology discussions, these face-to-face meetings will provide fascinating dialogue and a wealth of valuable insights and ideas.
Visit the Meeting Centre reception desk located in the Meeting Centre in World of Solutions.
-
Dynamic Host Configuration Protocol DHCP
DHCP Scale Considerations
DHCP Reliability Considerations
IPv6 and DHCP
Domain Name System DNS
Interaction Between DNS and DHCP
-
Managing the DHCP Server
Server configured with:
Network design (Layer 3): network segments, subnets, relay agents
Available addresses
Rules about address allocation
Network administrator controls DHCP service
Policies for hosts or groups of hosts
Specific configuration parameters
Which hosts to serve
DHCP Server Acts as Agent for Network Administrator
-
Dynamic Host Configuration Protocol DHCP
DHCP Scale Considerations
DHCP Reliability Considerations
IPv6 and DHCP
Domain Name System DNS
Interaction Between DNS and DHCP
-
Architectures for DHCP Service (1)
[Diagram: Distributed DHCP Service and Centralized DHCP Service, drawn with DHCP servers and DHCP relay agents]
Pro: Centralized Management
Pro: Reliability Through Redundancy
-
Architectures for DHCP Service (2)
[Diagram: Redundant DHCP Service and Hybrid DHCP Service, drawn with DHCP servers, DHCP relay agents and a remote site]
Pro: Independent Operation of Remote Site if WAN Link Fails
Pro: Reliability Through Redundancy with Failover
-
Best of Both Worlds
Hybrid DHCP Service
[Diagram labels: DHCP Server; Remote Site; DHCP Servers; DHCP Relay Agents; Delegation]
-
For Millions of Subscribers
[Diagram labels: Redundant Master Servers; Slave Servers; IOS Slave Servers; DHCP Relay Agents; Delegation]
-
Dynamic Host Configuration Protocol DHCP
DHCP Scale Considerations
DHCP Reliability Considerations
IPv6 and DHCP
Domain Name System DNS
Interaction Between DNS and DHCP
-
Reliable DHCP Service
Problem: provide increased reliability for DHCP service through redundancy
Solution: deploy multiple DHCP servers and enable all servers to respond to messages
DHCP client broadcasts messages, and relay agent can forward to multiple servers, so more than one DHCP server may receive messages from clients
DHCP client is required by protocol specification to be able to receive responses from multiple servers
DHCP client broadcasts rebinding request, so it can locate secondary server if primary is not accessible
-
Better if Servers Shared State
Servers notify each other of assignments
If assigning server fails, other server(s) will have a record of the assignment and can respond
However, notification may take some time
DHCP specification does not allow sufficient time to do update before responding
Most hosts will time out and retransmit before the interserver update completes
Therefore, server can't wait for update to complete before sending response
-
Solution: DHCP Safe Failover
Main DHCP Server
Backup DHCP Server
Backup Address Pool: 192.168.18.151-200
Main Address Pool: 192.168.18.101-150
-
IPv6 Addresses
Divided into two conceptual parts (like IPv4)
Prefix
Globally unique
Assigned to a link
Known as link address or link prefix
Suffix
Only unique within a link
Assigned to an individual interface
Known as interface identifier
-
Address Assignment
Manual
DHCPv6
Stateless address auto-configuration; host:
Derives EUI-64 interface identifier from MAC address
Constructs address from prefix advertised by router and EUI-64 interface identifier
Performs duplicate address detection to confirm address is not already in use
Prefix from RA: 2001:DB8:3:0::/64
MAC Address from Interface: 00:14:51:d9:a4:5a
Constructed address: 2001:DB8:3:0:214:51ff:fed9:a45a
-
Improvements in DHCPv6 over DHCPv4
L3-only transport
Link-local addressing between client and server (or relay agent)
No need for all-zeros IP source address
Assignment of multiple addresses to a client
Unique, uniform client identification
Explicit lease renewal and lease rebinding messages
Larger option code space (16-bit option code)
Most information carried in options (instead of fixed header fields)
Relay agent chaining through message encapsulation
Server message to force client reconfiguration
-
DHCPv4/DHCPv6 Coexistence
IETF design decision: DHCPv4 and DHCPv6 are separate protocols
Different message formats
Different message exchanges
Separate options
Host runs DHCPv4 and DHCPv6 as separate functions
What about options that provide same information in DHCPv4 and DHCPv6; e.g., DNS servers?
-
Basic DHCPv6 Message Exchange
[Diagram: message exchange between Server 1, Client and Server 2]
Client multicasts SOLICIT message on local subnet
Servers send ADVERTISE message with lease information
Client selects lease and multicasts REQUEST message
Selected server sends REPLY message
-
Stateless DHCPv6
Used in conjunction with stateless address auto-configuration
DHCPv6 server does not need to retain state for each client; e.g., assigned addresses, lease state
Client uses stateless DHCPv6 (RFC 3736) to obtain configuration information
Very simple protocol server; can be easily deployed in routers rather than as centralized service
-
IPv6 Deployment Model for SOHO
IPv6 has enough prefixes to assign a prefix to every service provider subscriber or branch office
Subscriber network will have IPv6 router (instead of computer or NAT) connected to service provider
DHCPv6 prefix delegation informs subscriber router of prefix to use
Assignment of a prefix to a subscriber or an organization, rather than a single address, is recommended for IPv6
IPv6 prefix delegation uses DHCPv6 to provision a router with the prefix to be used at that site
Site router then assigns /64 prefixes from delegated prefix to each link in the site network
-
IPv6 Deployment Model for Branch Office
IPv6 prefix can be assigned to enterprise branch office
Branch office gateway router provides IPv6 service to branch office network
DHCPv6 prefix delegation informs branch office router of prefix to use
Branch office router assigns /64 prefixes from delegated prefix to each branch office network link
Add interface index to /48 prefix to generate /64 for each link
Delegated prefix 2001:DB8:3::/48: assign prefix 2001:DB8:3:1::/64 to interface 1
-
Branch Office IPv6 Network Model
[Diagram labels: Branch Office Network; Branch Router; Core; Router; Servers: DHCP, DNS, Management]
Branch Router initiates DHCPv6
Receives IPv6 address for enterprise net link
Receives 2001:DB8:3::/48 (prefix delegation)
Receives list of DNS servers and other configuration
Branch Router assigns /64 prefixes from 2001:DB8:3::/48 to branch office network links
Enterprise Network Link: Assigned 2001:DB8:FFFF:0::/64
Branch Office Link 0 (Wireless): Assigned 2001:DB8:3:0::/64
Branch Office Link 1 (Desktop): Assigned 2001:DB8:3:1::/64
Branch Office Link 2 (Data Center): Assigned 2001:DB8:3:2::/64
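The "add interface index to the delegated prefix" rule from the two branch office slides, as an added Python example (not part of the original presentation; function names are chosen for this illustration). It generalizes the slide's /48 case to any delegated prefix length, rejects link indexes that do not fit in the available subnet bits, and maps an address back to its link so records can be checked against the delegated space.

```python
import ipaddress


def _subnet_bits(site: ipaddress.IPv6Network, link_len: int) -> int:
    """Number of bits available for numbering links inside the delegated prefix."""
    bits = link_len - site.prefixlen
    if bits < 0:
        raise ValueError(f"delegated /{site.prefixlen} is longer than link /{link_len}")
    return bits


def link_prefix(delegated: str, link_index: int, link_len: int = 64) -> ipaddress.IPv6Network:
    """Prefix for one link: delegated prefix with the link index in the subnet bits."""
    site = ipaddress.IPv6Network(delegated)
    bits = _subnet_bits(site, link_len)
    if not 0 <= link_index < (1 << bits):
        raise ValueError(f"link index {link_index} does not fit in {bits} subnet bits")
    base = int(site.network_address) | (link_index << (128 - link_len))
    return ipaddress.IPv6Network((base, link_len))


def link_index_of(delegated: str, address: str, link_len: int = 64):
    """Link index an address belongs to, or None if it is outside the delegated prefix."""
    site = ipaddress.IPv6Network(delegated)
    addr = ipaddress.IPv6Address(address)
    if addr not in site:
        return None
    bits = _subnet_bits(site, link_len)
    return (int(addr) >> (128 - link_len)) & ((1 << bits) - 1)


if __name__ == "__main__":
    # Delegated prefix and links from the slide above.
    for index, name in enumerate(["Wireless", "Desktop", "Data Center"]):
        print(name, link_prefix("2001:DB8:3::/48", index))
    # The enterprise network link is not part of the delegated prefix.
    print(link_index_of("2001:DB8:3::/48", "2001:db8:ffff::1"))
```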
-
Routing and DHCPv6 Prefix Delegation
Prefix delegation requires routing updates in delegating router and requesting router
Injection of routing information for delegated prefix
Determination of default router
DHCPv6 snooping typically used
DHCPv6 leasequery (RFC 5007 and 5460) allows requesting router to obtain information about delegated prefixes from DHCPv6 server
-
Dynamic Host Configuration Protocol DHCP
Domain Name System DNS
DNS Deployment
DNS Service Security
Interaction Between DNS and DHCP
-
Names
[Diagram: DNS name tree. Labels: (root); org, edu, com; bucknell, purdue; example; cs, www]
.
com.
example.com.
www.example.com.
-
The Domain Name System (DNS)
DNS is a distributed database, with distributed administration and responsibility
The database key is a Fully Qualified Domain Name (FQDN) that consists of a string of tokens separated by "."
Example: www.cisco.com
The data is stored in Resource Records (RR), of which there are many types; examples are A, AAAA, PTR and MX.
Product of the IETF to replace original HOSTS.TXT file
-
DNS Features
The DNS is designed for look-up queries
The DNS holds two major types of information
The actual data available as answers to queries
Structural information for DNS itself
Information is logically grouped in zones; a zone is the unit of control, modification rights and replication operations apply to zones
-
Queries
Lookup is based on FQDN, class, and type
Query for example.com
example.com. ? IN A ?
example.com. 4711 IN A 192.168.1.1
-
DNS is a Universal Lookup Service
Lookup by name to find IPv4 address(es)
www.l.google.com: type A, class IN, addr 64.233.169.147
www.l.google.com: type A, class IN, addr 64.233.169.105
www.l.google.com: type A, class IN, addr 64.233.169.103
xn--9n2bp8q.xn--9t4b11yi5a : type A, class IN, addr 199.7.85.16
Lookup by name to find IPv6 address(es)
ipv6.l.google.com: type AAAA, class IN, addr 2001:4860:b004::68
Lookup by name to find mail server(s)
cisco.com: type MX, class IN, preference 10, mx sj-inbound-b.cisco.com
cisco.com: type MX, class IN, preference 15, mx rtp-mx-01.cisco.com
cisco.com: type MX, class IN, preference 25, mx syd-inbound-a.cisco.com
Lookup by IPv4 address to find domain name
25.219.133.198.in-addr.arpa: type PTR, class IN, www9.cisco.com
-
DNS is a Universal Lookup Service
Lookup by service to find host and port
_sip._tcp.example.com: type SRV, class IN, priority 0, weight 10, port 5060, host sip.example.com
Lookup by name to find services
example.com: type NAPTR, class IN, 1 1 "s" "" "" _sip._tcp.example.com
example.com: type NAPTR, class IN, 1 1 "s" "" "" _clip._tcp.example.com
example.com: type NAPTR, class IN, 1 1 "s" "" "" _wins._tcp.example.com
Lookup by E.164 number to find URL or URN
5.4.3.2.1.e164.arpa.: type NAPTR, class IN, 1 1 "u" "E2U+sip" "!.*!sip:[email protected]!" .
-
Reverse Zone
PTR records used to resolve name for an IP address
Canonical representation of IP address used as FQDN
IPv4: reversed dotted decimal concatenated with IN-ADDR.ARPA. (for address 192.168.50.22)
22.50.168.192.in-addr.arpa 1800 IN PTR www.example.com
IPv6: reversed dotted hexadecimal nibbles concatenated with IP6.ARPA. (for address 2001:db8:1:1::22)
2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 1800 IN PTR www.example.com
Zone delegations based on address-FQDN components; gets tricky when delegations are not on FQDN component boundaries
-
Domains and Zones
All nodes below a node are included in the same domain
Nodes are grouped in administrative zones
Each node can be the start of a new zone, but it doesn't have to be
A node which is the start of a new zone is called a delegation point
[Diagram: name tree (root; com, org, edu; example; bucknell, purdue; cs, www) with zones and domains outlined: root-zone, com-zone, example.com-zone, purdue.edu-zone, com-domain]
-
A DNS Server performs two functions
Hosts must be able to query FQDNs of the entire DNS namespace
Recursive servers provide resolution service
Hosts and recursive servers must be able to issue DNS queries about zones you administer
Authoritative servers respond to queries for FQDNs under their authority
[Diagram: FQDN Resolution. Labels: Application; Stub Resolver; Recursive Server; Internet; Root Server; com Name Server; example Name Server; DNS Database]
-
DNS Name Resolution
1. An application wants to resolve www.widgets.example.com into an IP address
2. Stub Resolver code (typically in a library on the host where the application runs) sends a DNS protocol request message to (local) recursive server
3. Recursive server sends DNS protocol request messages to many DNS name servers; the recursive server may cache the answers
4. Recursive server returns IP address to stub resolver through a DNS protocol message
5. Stub resolver communicates IP address to application
[Diagram: steps 1 to 5 marked between Application, Stub Resolver, Recursive Server, Internet, Root Server, com Name Server, example Name Server and Widgets Name Server (DNS Database); query "www.widgets.example.com ?", answer 1.2.3.4]
-
Recursive Resolution
1. Question = resolve www.widgets.example.com. In the DNS protocol the question will always be the same.
2. Ask root server(s) (known via hint list); they will only answer which server(s) know com., which is likely a top level domain (TLD)
3. Ask server(s) for com.; they return an NS list of servers that know about example.com.
4. Ask server(s) for example.com.; depending on how the zones are laid out, they might return the answer for www.widgets.example.com or else return an NS list of servers that know about widgets.example.com.
5. Finally the widgets.example.com name server returns the answer
[Diagram: Root Server, com Name Server, example.com Name Server and widgets.example.com Name Server (DNS Database), with the question and the answers below]
www.widgets.example.com ?
NS for com = a, b, c
NS for example.com = x, y
NS for widgets.example.com = m, n
www.widgets.example.com = 1.2.3.4
-
Dynamic Host Configuration Protocol DHCP
Domain Name System DNS
DNS Deployment What Where Why?
DNS Service Security
Interaction Between DNS and DHCP
-
Deploying Authoritative Servers
Use a hidden primary or gold master
It will make authorization of changes easier
Slave servers answer all requests authoritatively; they obtain info only from the master
Close to your own hosts
In your DMZ, reachable from outside
At least one slave somewhere else on the Internet
This gives responses when your own slaves are not reachable
-
Queries from the Inside
[Diagram: areas Internal, DMZ, External, Internet. Servers: Hidden Master = Authoritative; Internal Slave = Authoritative; Internal Cache = Recursive (shown twice); DMZ Cache = Recursive; DMZ Slave = Authoritative; External Slave = Authoritative]
-
Queries from the Outside
[Diagram: areas Internal, DMZ, External, Internet. Servers: DMZ Slave = Authoritative; External Slave = Authoritative]
-
Queries from Subscribers
[Diagram: areas Internal, DMZ, External, Internet, Access Network. Servers: DMZ Slave = Authoritative]
-
Dynamic Host Configuration Protocol DHCP
Domain Name System DNS
DNS Deployment
DNS Service Security
Interaction Between DNS and DHCP
-
Security Exposures in DNS
1. Corruption of name server database: DDNS, admin spoofing
2. False zone transfers
3. Spoofed responses to recursive server queries
4. Spoofed responses to stub resolver queries
[Diagram: FQDN Resolution path with exposure points 1 to 4 marked. Labels: Application; Stub Resolver; Recursive Server; Internet; Root Server; com Server; example Name Server (Master); example Name Server (Slave); example Name Server (Database); widgets Name Server]
-
TSIG, SIG(0), and DNSSEC
TSIG: uses shared secret key to protect DNS transactions
Sender computes hash of transaction using secret key
Receiver confirms integrity using secret key
SIG(0): uses public/private key pair to protect DNS queries
Sender computes signature of transaction using private key of public/private key pair
Receiver confirms authenticity using public key
DNSSEC: uses signed RRset to protect DNS data
Sender computes signature of RRset using private key of public/private key pair
Receiver confirms authenticity using public key
-
But How Does the Resolver Get the Key for example.com?
[Diagram: www.example.com has address and signature, made with the key for example.com; the example.com key has a signature, made with the key for com]
Three new RR types used to store cryptographic data
DNSKEY: holds public key
DS: holds public key hash for a subzone
RRSIG: holds RRset signature
(There are 3 other RRs: NSEC, NSEC3, NSEC3PARAM)
Hash of public key for example.com is stored in a DS RR in the com zone; public key is stored in a DNSKEY RR in the example.com zone
Resolver with public key for com
Uses public key for com to authenticate signature of DS RR for example.com
Retrieves public key for example.com in DNSKEY RR from example.com zone and authenticates with DS RR
Resolves www.example.com and authenticates RR(s) with key from example.com DNSKEY RR
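The middle step of that chain, checking a child zone's DNSKEY against the DS record held in the parent zone, as an added Python example (not part of the original presentation). It covers only the DS-to-DNSKEY link with SHA-256 digests; RRSIG signature verification is not shown. The key bytes are constructed sample data rather than a real key, and the function names are chosen for this illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

SHA256_DIGEST_TYPE = 2  # DS digest type number for SHA-256


def wire_name(name: str) -> bytes:
    """Canonical wire form of a name: lower-case, length-prefixed labels, root last."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if not label:
            continue  # the root name "." has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError(f"label too long: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def compute_key_tag(rdata: bytes) -> int:
    """16-bit key tag over the DNSKEY RDATA (ones-complement style checksum)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes


def make_ds(owner: str, rdata: bytes) -> DS:
    """DS record the parent zone would publish for this child DNSKEY."""
    digest = hashlib.sha256(wire_name(owner) + rdata).digest()
    return DS(compute_key_tag(rdata), rdata[3], SHA256_DIGEST_TYPE, digest)


def ds_authenticates_dnskey(ds: DS, owner: str, rdata: bytes) -> bool:
    """True if the DNSKEY fetched from the child zone is the key the DS vouches for."""
    if ds.digest_type != SHA256_DIGEST_TYPE:
        raise ValueError("this example only handles SHA-256 digests")
    if ds.algorithm != rdata[3] or ds.key_tag != compute_key_tag(rdata):
        return False
    expected = hashlib.sha256(wire_name(owner) + rdata).digest()
    return hmac.compare_digest(ds.digest, expected)


# Constructed sample: flags 257 (key signing key), protocol 3, algorithm 13,
# and 64 placeholder bytes standing in for the public key.
CHILD_DNSKEY = dnskey_rdata(257, 3, 13, bytes(range(64)))
PARENT_DS = make_ds("example.com.", CHILD_DNSKEY)

if __name__ == "__main__":
    print(PARENT_DS.key_tag, PARENT_DS.digest.hex())
    print(ds_authenticates_dnskey(PARENT_DS, "example.com.", CHILD_DNSKEY))
```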
-
Global view of signatures and keys
FQDN             CL  TYPE    RDATA
com. zone:
com.             IN  DNSKEY  xyz23Cryryptogrm4d3DS
example.com      IN  RRSIG   Signature of DS
                     DS      Hash for public key of example.com
example.com. zone:
example.com      IN  DNSKEY  3245sdFD56G4ggf15R5
www.example.com  IN  A       64.64.64.64
                     RRSIG   Signature for RR
[Legend: one arrow style means "authenticated by", the other means "used to validate"]
-
Why Aren't We Using DNSSEC Today?
Requires chain of signed zones: root, TLDs, organizations
Trust islands may be an interim step
Processes for key and trust anchor management and rollover need to be worked out
Organizations need to get keying information into TLDs
RFC 5011 mechanisms need to be deployed for trust anchors
Applications are unprepared for DNSSEC
How does an application react to an unsecured response or a response that fails authentication?
Organizations need to deploy DNSSEC
Name servers; recursive servers
with a mechanism for securing DNS traffic between hosts and recursive servers
Root zone has been signed since July 15, 2010
Good information source - http://www.dnssec-deployment.org/
-
Trust Island for DNSSEC
[Diagram labels: Resolver; example.com Zone Public Key; Root Zone; com Zone; example.com Zone]
Resolver can be configured with public key for example.com zone
Resolver performs unsecured resolution through root and com zones
Then, resolver applies example.com zone key for secure resolution of example.com zone
-
Dynamic Host Configuration Protocol DHCP
Domain Name System DNS
Interaction Between DNS and DHCP
-
DNS Namespace and IP Addressing
DNS namespace and IP addressing architecture are fundamentally orthogonal
Name hierarchy need not follow network topology; two devices on the same link may use different domain names
Address assignment must follow network topology, so an address assigned to a device must come from a prefix assigned to the link
but name and address management interact in several ways
IP addresses in PTR records
Configuration of host to know DNS servers (evaluation order)
Configuration of host for evaluation order
Reverse delegation: delegation of IP addresses implies delegation of zone authority
-
Address Assignment and DNS
RRset(s) for a device must be updated with address(es) assigned to the device
IP addresses in A/AAAA RRs for the device's FQDN must reflect the IP addresses assigned to the host
Static: simultaneously add entries to DHCP and DNS services
Automatic: simultaneously add entries when address is first assigned
Dynamic: add entries when address is first assigned; update RRs if address changes; delete RRs if lease expires
-
Getting New IP Addresses into DNS
Update DNS server database manually
Edit configuration file
Through a GUI
(Dynamic) DNS Update (DDNS) from host
Host sends DNS Update when new address is assigned
What name to use/allow?
Update both forward and reverse?
Authentication and authorization requires trust relationship with each host; does this scale?
What if the DHCP address lease expires?
-
Getting New IP Addresses into DNS
DNS update from DHCP server
DHCP and DNS servers must have a trust relationship; fewer components to secure
Can purge expired address
Requires explicit collaboration if DHCP and DNS servers are in different admin domains
Only works for addresses assigned through DHCP
[Diagram labels: DHCP Client (bvolz.widgets.example.com); DHCP Relay Agent; Organization Network; DHCP Server; DHCP Service; DNS update for bvolz.widgets.example.com; DNS Database: Root Server, com Name Server, example Name Server, widgets Name Server]
-
Why Use DNS Update?
Mobility is easier
Laptops are not the only devices that use IP addresses and need domain names
Platform and proprietary solutions have existed, but a standardized version was missing
Fast, secure updates of the DNS are required
DNS Update provides mechanism in DNS to update RRs
Can be secured (i.e., TSIG)
Used by host (with appropriate trust and security)
Used by DHCP server (for reverse and perhaps forward)
-
Update of PTR Record
PTR records should be updated at same time as A (and AAAA) when addresses are changed
If addresses are assigned through DHCP, the network admin owns the address (reverse zone) and should have the DHCP server do the update
DHCP server can learn host FQDN through DHCP options or can enforce its own naming policy
If client's name used, assumes implicit trust relationship between host and DHCP server - host is authorized to use name
Explicit authentication of host identity and authorization of host to use name and authentication of DHCP message exchange is an unsolved problem
-
Cisco IOS DHCP Client and Server Running DDNS
[Diagram labels: DHCP Client (router.widgets.example.com); Organization Network; DHCP Server; DHCP Service; DNS Database: Root Server, com Name Server, example Name Server, widgets Name Server]
The Cisco IOS DHCP client can perform DNS* or HTTP updates and use client FQDN option to communicate choice to the DHCP server
The Cisco IOS DHCP server can perform DNS* or HTTP updates and use or override client preference
*RFC 4702 DHCP client FQDN option
-
Configuration of Host for DNS
Obtaining pointers to DNS service is almost as important to host operation as obtaining an IP address
DHCP service can be (and usually is) configured to pass information about DNS to the DHCP client via DHCP options
Addresses of recursive servers
List of domain names for FQDN resolution
-
Dynamic Host Configuration Protocol DHCP
DHCP Scale Considerations
DHCP Reliability Considerations
IPv6 and DHCP
Domain Name System DNS
DNS Deployment
DNS Service Security
Interaction Between DNS and DHCP
-
NMS sessions offered (1 of 2)
Session Title
Monday:
BRKNMS-1204 Introduction to Network Performance Measurement with Cisco IOS IP Service Level Agent
BRKNMS-2032 Rapid and Repeatable Service Delivery Through Automation
BRKNMS-3021 Advanced Cisco IOS Device Instrumentation
Tuesday:
BRKNMS-1032 Network Management KPI's
BRKNMS-1532 Introduction to Accounting Principles with NetFlow and NBAR
BRKNMS-2010 Using a Network Hypervisor to Build Public and Private Clouds
BRKNMS-2031 SYSLOG Design, Methodology and Best Practices
BRKNMS-2035 Ten Cool LMS Tricks to Better Manage Your Network
BRKNMS-2501 Enterprise QoS Deployment, Monitoring and Management
-
NMS sessions offered (2 of 2)
Session Title
Wednesday:
BRKNMS-2031 SYSLOG Design, Methodology and Best Practices
BRKNMS-1942 Managing Infrastructure as a Service (IaaS) for Cloud Environment
BRKNMS-2499 Operating and Managing Converged Enterprise Architectures
BRKNMS-3043 Advanced Performance Measurement for Critical IP Traffic with Cisco IOS IP Service Level Agreements
BRKNMS-3132 Advanced NetFlow
Thursday:
BRKNMS-2006 Energy Management
BRKNMS-2030 Onboard Automation with Cisco IOS Embedded Event Manager
BRKNMS-2640 Advanced DHCP and DNS Deployments
BRKNMS-2658 Securely Managing Your Networks and SNMPv3
BRKNMS-1035 The NOC at CiscoLive
Complete Your Online Session Evaluation
Receive 25 Cisco Preferred Access points for each session evaluation you complete.
Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd.
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don't forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com.
Recommended Reading
The DHCP Handbook
Ralph Droms and Ted Lemon.
Sams Publishing, 2002.
ISBN: 978-0-672-32327-3
Available Onsite at the Cisco Company Store
Recommended Reading
DNS and BIND
by Cricket Liu & Paul Albitz
O'Reilly
ISBN: 978-0-596-10057-5
Available Onsite at the Cisco Company Store
Recommended Reading
IP Address Management Principles and Practice
by Timothy Rooney
ISBN 978-0-470-58587-0
Introduction to IP Address Management
by Timothy Rooney
ISBN 978-0-470-58588-7
Thank you.
Appendix A: Terminology, Acronyms, References
Terminology
Class: A field in a DNS Resource Record that specifies the protocol group (usually IN for Internet)
DDNS: A method for dynamic updates to DNS data through DNS messages
DHCP Server: Responds to DHCP messages; manages IP address assignment and reclamation; assigns configuration information to hosts
DHCP Client: Initiates DHCP message exchanges; implemented on a host to obtain an IP address and other configuration information for the host
DHCP Relay Agent: A function of a network element, such as a router, that forwards DHCP messages between clients and servers and may modify the messages
DHCPv6 PD: Prefix delegation for DHCPv6; an extension to DHCPv6 that allows a DHCPv6 server to delegate prefixes to other DHCPv6 servers, thus forming a delegation hierarchy
DNSSEC: A method for securing DNS RRs using public/private keys and a trust chain to authenticate the public key
Terminology
Domain: A subtree of the global DNS name space. Often used to refer to an organization's subtree, e.g., the MIT domain, the ISI.EDU domain, the root domain
EDNS0: Updates to the DNS protocol, expanding several fields and allowing for longer UDP messages (RFC 2671)
FQDN: Fully qualified domain name; the name of a node in the DNS name space
Link: A communication facility or medium over which nodes can communicate at the link layer (RFC 2460)
Name Server: A program that holds DNS data and answers queries
ODAP: On Demand Address Pools; an extension to DHCPv4 that allows DHCP servers to assign and recover addresses in address pools
Prefix: A bit string that consists of some number of initial bits of an address (RFC 2461)
Recursive Server: A program that accepts a DNS resolution request from a host and exchanges DNS protocol messages to complete the name resolution
Terminology
Resolver: A program that accepts DNS resolution requests from an application and initiates a DNS protocol message exchange
Root Server: The name servers for the root of the DNS name space
RR: Resource Record; the atomic unit of information in the domain system
RRset: A set of all RRs associated with an FQDN and type
SIG(0): A method for securing DNS message exchanges using public/private keys (not in common use)
TLD: Top level domain; e.g., .com, .edu, .org, .uk
TSIG: A method for securing DNS message exchanges using a shared secret or GSS-API
TTL: Time-to-Live. A field in a DNS Resource Record that specifies how long a domain resolver should cache the RR before it throws it out and asks a domain server again
Zone: A zone is a portion of the DNS name space that is managed as a unit
DNS and the IETF
DNS is a product of the IETF; specifications are published in RFCs
Original specification: RFC 1034, RFC 1035
DNS dynamic updates (DDNS): RFC 2136
EDNS0: RFC 2671
DNS security
DNSSEC: RFC 4033, RFC 4034, RFC 4035, RFC 5155
SIG(0): RFC 2931
TSIG: RFC 2845
DNS extensions (dnsext) working group of the IETF continues to develop extensions to DNS
DNS operations (dnsop) working group develops guidelines for the operation of DNS software servers and the administration of DNS zones
Significant Extensions
Relay agent options (RFC 3046)
DHCP message authentication (RFC 3318, RFC 4030)
DHCP for IPv6 (RFC 3315) and DHCPv6 prefix delegation (RFC 3633)
Many new options, redefinition of option code space to allow for more DHCP options
IETF Standards
RFC 951 (Bootstrap Protocol)
RFC 1048, 1395, 1497, 1542, 2132 (BOOTP Vendor Info)
RFC 1534 (Interoperation Between DHCP and BOOTP)
RFC 2131 (Dynamic Host Configuration Protocol)
RFC 3004 (User Class Option for DHCP)
RFC 3011 (IPv4 subnet selection)
RFC 3046 (DHCP Relay Agent Information Option)
RFC 3074 (DHCP Load Balancing)
RFC 3256 (The DOCSIS Device Class DHCP Relay Agent Information Suboption)
RFC 3442 (The Classless Static Route Option for Dynamic Host Configuration Protocol [DHCPv4])
RFC 3495 (Dynamic Host Configuration Protocol (DHCP) Option for CableLabs Client)
RFC 3527 (Link Selection Suboption for the Relay Agent Information Option for DHCPv4)
RFC 3594 (PacketCable Security Ticket Control Suboption for the DHCP CableLabs Client Config [CCC])
RFC 3315, 3633, 3736 (DHCP for IPv6, Prefix option, Stateless DHCP for IPv6)
Appendix B: DHCP as an IP address management system
IPv4 Address Management
IPv4 address plan
Start with network link topology
Estimate hosts on each link
Pick IPv4 prefix length (subnet mask) to accommodate expected hosts
Assign IPv4 prefixes for aggregation
Can split a prefix later when new links are added
Sources of Information About Networks
Network management tools should contain IP addresses in use, observed or planned
Router configurations provide
Interfaces for link topology
Assigned networks and subnet masks
Can be obtained with grep from Cisco IOS
egrep '^[[:space:]]ip address' *-confg | grep '255\.255'
Can be queried using SNMP
snmpwalk {options} mib-2.ip.ipAddrTable
How Do You Count the Number Of Devices?
Host Address Management
Address assignment
Manual
Static, automatic, dynamic => DHCP
Auto-configuration
DHCP service has to choose address from right prefix
Address plan configured into DHCP server
DHCP server identifies subnet to which client is attached from giaddr and chooses an address from the prefix for that link
DHCP server uses Option 82 to identify last mile copper pair and decides subnet for customer
Appendix C: DHCP Class of Service
Examples of Class of Service
Address leases: How long a set of clients should keep its addresses
IP address ranges: From which lease pool to assign clients' addresses, example: walled garden
DNS server addresses: Where clients should direct their DNS queries
DNS hostnames: What name to assign clients
Denial of service: Whether unauthorized clients should be offered leases
How the Client Is Classified
MAC address
Link (=subnet) to which client is attached
Port to which client is attached
Device type: PC, IP phone, cable modem
Device status: unauthenticated/authenticated
DHCP Relay: Centralized DHCP Service
DHCP client broadcasts a DHCPDISCOVER packet
Relay agent on the router receives the message, fills in the giaddr field with IP address of the receiving interface of router, and forwards it to the server
DHCP relay agent forwards (unicasts) the packet to multiple DHCP servers; client will choose the best DHCPOFFER
DHCP server uses giaddr field of DHCP packet as an index into the network topology and selects an address from 192.168.1.0/24
[Figure: DHCP clients on network prefixes 192.168.1.0/24 (relay agent IP address 192.168.1.1) and 192.168.2.0/24 (relay agent IP address 192.168.2.1) reach the DHCP server 192.168.200.8 across the organization network; the DHCP packet carries GIADDR. A relay agent IP address 192.168.50.1 is also labelled.]
Relay Agent Options
Relay agent can attach additional information to DHCP message in relay agent options
Originally defined in RFC 3046 for cable broadband
Option encodes information about source of DHCPDISCOVER or DHCPREQUEST message
Server returns options back to relay agent, which uses information to forward message to cable modem client
Additional relay agent options encode information such as DOCSIS device class, subnet for address assignment
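The server-side selection described under Host Address Management, DHCP Relay: Centralized DHCP Service and Relay Agent Options, as an added example that is not part of the original slides: the server reads giaddr and Option 82 from a relayed message and picks the prefix to allocate from, refusing links that are not in the address plan. The two prefixes come from the slides; the sub-option codes (1, 2 from RFC 3046, 5 from RFC 3527), the function names and the sample packet builder are assumptions of this sketch.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie
# Prefixes from the slides; sub-option codes from RFC 3046 and RFC 3527.
PREFIXES = [ipaddress.ip_network(p) for p in ("192.168.1.0/24", "192.168.2.0/24")]
SUBOPTS = {1: "circuit_id", 2: "remote_id", 5: "link_selection"}


def tlvs(buf, dhcp_options=False):
    """Yield (code, value); in the options field 0 is padding and 255 ends it."""
    pos = 0
    while pos < len(buf) and not (dhcp_options and buf[pos] == 255):
        if dhcp_options and buf[pos] == 0:
            pos += 1
            continue
        if pos + 2 > len(buf) or pos + 2 + buf[pos + 1] > len(buf):
            raise ValueError("truncated option")
        yield buf[pos], buf[pos + 2:pos + 2 + buf[pos + 1]]
        pos += 2 + buf[pos + 1]


def select_link(packet):
    """For a relayed message, return (prefix to allocate from, relay sub-options)."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    link = ipaddress.IPv4Address(packet[24:28])       # giaddr set by the relay
    relay = {}
    for code, value in tlvs(packet[240:], dhcp_options=True):
        if code == 82:                                # relay agent information
            relay = {SUBOPTS.get(c, c): v for c, v in tlvs(value)}
    if len(relay.get("link_selection", b"")) == 4:    # RFC 3527 overrides giaddr
        link = ipaddress.IPv4Address(relay["link_selection"])
    for prefix in PREFIXES:
        if link in prefix:
            return prefix, relay
    raise LookupError(f"no prefix configured for link {link}")


def build_sample(giaddr, subopts):
    """Constructed relayed DHCPDISCOVER (sample input, not a capture)."""
    opt82 = b"".join(bytes([c, len(v)]) + v for c, v in subopts)
    fixed = struct.pack("!4B I 2H 4s4s4s4s 16s 64s 128s", 1, 1, 6, 1, 0x1234, 0, 0,
                        bytes(4), bytes(4), bytes(4),
                        ipaddress.IPv4Address(giaddr).packed,
                        bytes.fromhex("020000000001"), b"", b"")
    return fixed + MAGIC + b"\x35\x01\x01" + bytes([82, len(opt82)]) + opt82 + b"\xff"
```

Because giaddr and Option 82 decide which pool a client draws from, the server's answer is only as trustworthy as the relay agents that set them; a message whose link matches no configured prefix gets no address.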
DHCP Relay Options
[Figure: DHCP client and DHCP servers 192.168.1.5 and 192.168.2.5; the DHCP request is labelled with GIADDR and Option 82.]
Visit the Cisco Store for Related Titles
http://theciscostores.com
Thank you.