CompTIA Linux+ XK0-005 – Unit 09 – Networking Part 6

  • By
  • August 1, 2023
0 Comment

44. Demo – Viewing Daemon Startup Options

All right, so we’re going to talk about this Internet super daemon and we’re going to take a look at where that is set up, at least on Debian. Remember, it’s different in different versions. If you are running Red Hat, this would be the Xin ETD config file that you’d be using. So here is what they’re calling the Super Server configuration database. And remember, the goal is that this is showing us that if it was enabled, that it would be able to help us with a lot of these seldomly used types of services. Let me hit the page down that you might be wanting to basically control through a single Damon, like in this case, as they’re calling it, the Super Server Configuration Database.

So that’s just a quick way of seeing what it would be set up to do. Again, it’s not on by default. Now we’re going to do another little listing command and we’re going to look at the Etsy and look at all the RC directories that are here. In this case, these would be the links that go to the starting up services that we have. Most of these directories would have links to the binaries that we would see when we actually start up. So you’d want to probably take a look at some of those. And if specifically you wanted to see some of those services, well then you could do an LS, LFC, and then let’s pick that very first one, RC zero D.

So you can take a look at all of these services that are going to start up with each of these. Okay, so you just quickly got a tour of two different things. The two things were if you had the Super Damon running, what it would be controlling by looking at that inet D config file. And then this of course here is showing you all of the basic services that are going to start up every time you boot the system. And that was under the RC. And again, you found that under the Etsy as well. That was a quick tour of your startup options. Of course you could try to change any of these that you would like to at any point, but it’s important I think, that you know what’s going to boot up each time you reboot your Linux machine.

45. Topic C: Domain Name Services

Now we’re going to talk about another service, the domain name service. And as a network service, it has so much to it that we kind of made it its own little topic. Because it’s in our everyday life that we use both for our local networks and for the Internet.

46. DNS

Now, DNS, as I’ve said many times, stands for the Domain name system. Sometimes it’s the domain name service, whatever you like to use it, but it’s DNS. The thing about it is it’s domain names and not net BIOS names. You heard me talk about that a little while ago, that a DNS name is a hierarchical structure, like the file system in your Linux machine. A net biosname was an old Windows construction with their old net Buoy communication protocol. That was a one to 15 character name. No hierarchy. This has a hierarchy which makes sense to us because of the hundreds of millions of maybe billions of web pages and URLs that are out there. We need to have a way of being able to uniquely name everybody and basically group people into different areas for zones that DNS handles.

Wow. I just threw a lot out at you there. Okay, as an overview, DNS is a big phone book. Many of you probably don’t even know what a phone book is anymore because it’s old school technology. But it matches the names to the IP address where a phone book would match a name to a phone number. Now, having said that, a single DNS server could in no way handle that translation for everybody in the world. Impossible. There are too many names. It would be overwhelming just in the amount of hard drive space it would take to store that information, let alone how quickly it could actually look up the name and give you the IP address.

So these areas are broken into zones, and we have DNS servers that are considered to be authoritative for each zone. Well, there’s a nice reason to have a hierarchical structure because I could have a zone that handles maybe all the dot coms or a zone for all the nets. And in reality, we actually do have some different zones for just that layer of hierarchy. But even inside the. com, there are hundreds of millions of names, and so those are broken down yet into further zones. So there’s even a hierarchy to the zone. And I’m going to talk about how we put it all together in a second. So you know how DNS actually is working, at least from the perspective of you type in a web page name, you hit enter and suddenly the web page comes up and it does it pretty quickly.

47. Name Resolution Process

All right? So the name resolution process goes through what’s often called a recursive lookup. Some people call it a forward lookup, query some other names for it. But here’s the idea whatever you want to use as the name, let me just tell you what it’s going to do. When you connect to the Internet, you’re often paying for your service provider to provide you a DNS server. I mean, that’s generally the case. It’s one of the things you’re paying that service provider for besides just the connectivity. When you make the request to go to some website, whatever it is you want to go to, and you type the URL in, your machine is going to connect to your service provider’s DNS server and say, hey, I need the IP address for this location.

Now if somebody else usually within the last half hour had went to the same website, that address will be locally stored on your DNS server and it’ll come right back to you. It’s called a cache, but let’s say it’s a website nobody’s been to in the last 30 minutes, so it’s not on your server’s cache. Your server is then going to look at the name. Let’s say it was going to be www. kensdomain. com. It’s going to say, okay, the top of the hierarchy is the. com and it has a list of what we call forwarders. And it’s going to say, well, here’s an authoritative server for the. com. Let’s go ask them. So it forwards the request to that DNS server and that DNS server says, okay, yes, certainly I am in charge of the dot coms.

However, I’m not authoritative for Ken’s domain. com. There’s another server call it a subservient server that is in charge of the KENS domain. So it says basically, go ask that DNS server.So I then hit that new DNS server and that server says, oh yeah, I’m in charge of Ken’s domain and here is the IP address. So that forward lookup basically took me to the different hierarchies of your DNS name to find the servers that are authoritative for that name until I actually found the server that is in charge of all of those names for that particular domain.

Once done, you now have the IP address and you can keep it in your own local cache for however long you want, or your DNS server often will keep it for, I think by default, 30 minutes. Anyway, that process is this thing that we call the forward lookup query. And it’s important to know that the entire world of our Internet, the DNS name structure, has been broken down into these different zones and there aren’t DNS servers that are considered authoritative for those zones. And it all starts by doing the lookup on. That what I call a forwarding lookup to these known DNS servers that are in charge of each of these top level domains.

48. Demo – Resolving Names

Well, we’re going to talk a little bit about DNS and we’re going to use some tools. One of them is a tool called NS Lookup. And of course, typing and talking at the same time apparently not my strength today. So NS Lookup, wow, how exciting was that? Put me into a basic location where I can try to get an idea of what DNS information is available on my DNS server. So I typed in the command server so you can see that I’m connected to a local, very local private address, DNS server connected to it on port 53. That’s what that little pound 53 is telling me. And the idea behind it is that it’s supposed to be able to help me either directly resolve or through the forward lookup query the IP addresses of different locations as I ask different names.

So I just entered a fully qualified domain name, FTP Debian. org. It went to my server. It gave me a non authoritative answer, which means that it’s actually not in its database directly. It had to do a forward lookup query and it said that is the IP address that was given to it for that location. Okay, so very quickly, that’s one of the things that we do and try to look at these things. Now if you want to look up a name server type of record, then you would have to type in something like set type, equal, and S for the name server. And then I’m going to type in Debian. org and there it gives me the actual name servers. In other words, who was authoritative and who was responsible for the final answer that I was given that earlier address from.

And so that’s part of that forward lookups service did is it eventually found these name servers, one of these three that was authoritative and those are the ones that gave me the address. All right, so now I’m going to set my type back to any I don’t want just the name server records. And we’re going to try to look up an IP address of the DNS server for the Debian. org. And I’m going to choose the NS one Debian. org. And there are some of the addresses right there, as you can see, for the location of that particular name server. And having done that, if I wanted to, if I’m allowed to, I could try to switch my commands to that server.

In other words, turn this into an Nslookup connecting to that particular server if I’m allowed to make that connection. And once I’ve gotten in there, I can then try to put in something like FTP Debian. org and say, okay, give me the IP address. And in this case it said it can actually find that particular address. Let me put in what I had in there before, see if I can get the other one. I was kind of hoping that either I did something wrong and typing that in or it looks like I’ve got the right address in there. Let me scroll up just to make sure if it’s my making stuff up here or if that wasn’t my address that I saw before. Yeah. So I had that ftpwin. org before. In this case, it said that it could not find that particular address.

So, again, I might just choose to choose the server command and actually see this works out a little bit better. It’s giving me the addresses here for the NS one right there for the NS One server. Let me go and get that in there and then try FTP dot Debian. org. There we go. And this, of course, now, because I’m connected to their name server, gave me the authoritative answers. So let’s go back just for a second to the type as NS and sorry, set type equal to the name server. Let’s go back to Debian. org and see what was up with the responses. So that was NS One deviant. org. Okay, so sets typed equal to any and that’s NS One Debian. org. Okay. So I’m getting the answers that I didn’t have the very first time.

So I’d have to actually scroll up to see why I was given some alias addresses earlier. Those are the addresses I used the first time. But hopefully you’re following the idea of what I’m trying to do here is I’m asking for the names of the DNS servers that are authoritative for this domain. Once I got that information, I said specifically, tell me the IP address for one of those servers. And then this is the server that I use the server command on. So the server command told me to switch over and connect to that DNS server so that I can actually get in and ask directly for the IP addresses. By the way, hackers do the exact same thing that I’ve just shown you for the purpose of trying to see if your DNS server is locked down and doesn’t reveal internal addresses.

I’m not going to go to that point here. I’m just going to exit the Nslookup and use another kind of a I don’t know if it’s as popular because everybody uses the Nslookup since it also works as a command on Windows but Dig is pretty popular as one of the options that we use primarily with Linux to get into specific informations about a location or an address. So Dig, as you can see here, gave me quite a bit of information kind of all in the same one answer. In fact, you can come up here and see I’ve got some global options, flags, all the rest of it. The FTP Authority section, query time. The server, it kind of just gave me the idea of what I could really see in a record. It Dig, if I can use that as a term into giving me more information from each of those records.

Okay. And again, it was a method of looking for information, but without making the actual server connection. Okay, another thing I can do, of course, is try another command. I can try and host FTP Debian. org and take a look at that. And there you can see again, a similar address. In fact, it even gave me an IP six address for it as well, and said that apparently there are no MX records there for that particular server. So no mail exchangers. All right, so you saw Dig host, but NS lookup probably better for actually troubleshooting DNS, because you’re connected to your server, you can connect to other servers, and you can basically work right inside of the database that DNS is holding for you in the name to IP range.

49. BIND

Should you decide that you want your Linux server to provide DNS services for all of the local names on your local area network? You can do that by running a program called Bind, the Berkeley Internet named Daemon. Now, Bind is a program that is a DNS server that is very common in the Unix world and of course, in our Unixlike world of Linux. It allows us to be be able to configure a file called the named Config. To be able to set up all the information that I’ve talked about before that you need to have. Such as what information? Well, you have to be able to say who is the authoritative server? That’s probably you. For what zone are you authoritative? That’s where we put in the DNS suffix of our domain, our local machine. We call that area that we’re in charge of a zone. And so we say that we’re the authoritative server for that zone.

So anytime somebody wants to look up some server@kensdomain. com, they’re going to come to us because we’re in charge of that domain. Now, we also need to have a list or a file of all of the mappings of host names to the actual IP addresses. But there’s more to it. Our zone can actually have more than just what we called host names to the IP addresses, but we can also map network services to IP addresses, mail exchange servers to the IP address. We can even create aliases, in other words, a name that refers to a legitimate name. And we can create alias entries. And there’s many other things we can deal with. So there’s a lot of options in creating DNS, but in and of itself, it’s just a matter of configuring it so that we respond to any request that is in our zone. And that’s kind of the setup of what we’re trying to resolve. Names to IP addresses.

Comments
* The most recent comment are at the top

Interesting posts

The Growing Demand for IT Certifications in the Fintech Industry

The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »

CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared

In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »

The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?

If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »

SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification

As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »

CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?

The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »

Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?

The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »

img