Posted: March 9th, 2023

Since DNS provides the name resolution necessary to access resource

1. Since DNS provides the name resolution necessary to access resources on the Internet, it is important to secure it. As a result, there have been many different technologies proposed over the past decade aimed to secure DNS traffic, including DNS over TLS (DoT) and DNS over HTTPS (DoH). Visit the CloudFlare DNS learning page at https://www.cloudflare.com/learning/dns/dns-over-t… and read the following sections.

Understand why DNS needs greater security, and why DNS privacy is important
Learn how DNS over TLS and DNS over HTTPS work, and the differences between them
Explain the pros and cons of both approaches
Compare DNS over TLS/HTTPS to DNSSE
Ace my homework – Write a post of at least 100 words summarizing what you learned. What questions do you have for further research after reading this article?
1. Scenario: You have learned how to implement name resolution services (DNS, WINS), as well as provide IP configuration using DHCP. Your organization has recently expanded to include a new division that is housed in a new office location and you’ve been tasked with designing the network services that will be hosted. The new location contains a DMZ network that hosts servers, as well as multiple LANs that contain client PCs. All servers and PCs must be able to resolve FQDN and NetBIOS names within the entire organization, and the administrative overhead for configuring IP must be kept to a minimum.

Read the scenario.
Ace my homework – Write a report of at least 100 words outlining your answers to the following questions:
What DNS and DHCP configuration would you implement in this new office?
Is WINS necessary? If so, how should you configure it?

DNS is an essential service that translates domain names into IP addresses that devices can use to access resources on the internet. However, traditional DNS protocols lack sufficient security measures, making them vulnerable to various types of attacks. DNS security is, therefore, crucial to ensure privacy, confidentiality, and integrity of DNS traffic. The use of DNS over TLS (DoT) and DNS over HTTPS (DoH) is aimed at improving DNS security by encrypting the communication channel between clients and servers.

DoT and DoH work by wrapping the DNS traffic in a secure protocol, TLS or HTTPS, respectively, and transmitting it through an encrypted tunnel. The main difference between the two approaches is that DoT uses the default DNS port 53 while DoH uses the standard HTTPS port 443.

The advantages of DoT/DoH are that they provide end-to-end encryption, reducing the likelihood of interception, tampering, or eavesdropping. Additionally, they prevent DNS spoofing attacks, which involve redirecting users to malicious websites. However, their implementation requires support from both client and server sides, which can limit their effectiveness.

DNSSEC, on the other hand, provides a digital signature to DNS responses, ensuring that the response has not been modified in transit. It can be used in conjunction with DoT/DoH to provide a more comprehensive DNS security solution.

Regarding the scenario, I would implement DNS and DHCP servers within the DMZ network to serve all LANs and clients within the organization. The DNS configuration should include forwarding all unresolved queries to an external DNS server for resolution. I would also enable DNS scavenging to remove stale records and reduce the risk of DNS cache poisoning.

As for DHCP, I would configure it to provide IP addresses, subnet masks, and default gateways to all client devices within the LANs, with a lease time that ensures minimum administrative overhead. WINS is not necessary in this scenario, as the DNS and DHCP servers will be responsible for resolving all NetBIOS names.

In conclusion, DNS security is crucial for protecting the privacy, confidentiality, and integrity of DNS traffic. DoT/DoH and DNSSEC are some of the approaches used to secure DNS traffic. The scenario requires the implementation of DNS and DHCP servers within the DMZ network, with forwarding of unresolved queries to external DNS servers. WINS is not necessary in this scenario. Further research could focus on the implementation details of DoT/DoH and DNSSEC in enterprise networks.

Order | Check Discount