Tìm hiểu về DNS



1. Introduction to DNS

Every computer in a network that wants to communicate or exchange information and data with another must know the other's IP address. When the network contains many computers, remembering all of those IP addresses is very hard. Besides its IP address, each computer also has a host name. For people, a host name is always easier to remember than an IP address because it is more intuitive and more mnemonic. So a way was sought to map IP addresses to host names.

At first, because ARPANET (the forerunner of today's Internet) had only a few hundred machines, a single file, hosts.txt, held the information used to map host names to IP addresses; a host name was therefore just a flat, non-hierarchical text string. This file was kept on one server, and the other servers kept copies of it. As the network grew, using hosts.txt revealed the following shortcomings:

1. Network traffic and the server holding hosts.txt become overloaded (a bottleneck effect).
2. Name conflicts: two machines cannot have the same name in hosts.txt (there was no mechanism for hierarchy and delegated name management).
3. No guarantee of consistency: maintaining one file across a large network is very difficult. For example, a freshly updated hosts.txt might not yet have reached a distant server before addresses on the network had changed again.

In short, hosts.txt is unsuitable for a large network because it is neither distributed nor scalable. The DNS service was therefore born. The architect of the DNS service was Paul Mockapetris of USC's Information Sciences Institute; the RFCs proposing DNS were RFC 882 and 883, later RFC 1034 and 1035, together with a number of supplementary RFCs covering, for example, security for the DNS system and updating DNS records.

Note: servers today still use the hosts.txt file to resolve computer names to IP addresses (on Windows this file lives under WINDOWS\system32\drivers\etc).

The DNS service works on a client-server model:
- Server: resolves name ---> IP and the reverse, IP ---> name. It is called a Name Server and stores the DNS database.
- Client: sends name-resolution queries to the DNS server. It is called a Resolver and contains the library functions used to build queries to the Name Server.

DNS is implemented as an Application-layer protocol in the TCP/IP network model. DNS is a distributed database organised as a hierarchical tree:

A hostname in a domain is a combination of words separated by dots (.). For example, the machine name server1 is the hostname. Its full name in the domain, following the model above, is server1.sales.south.nwtraders.com, called the FQDN (Fully Qualified Domain Name).

The DNS database is an inverted tree; every node in the tree is the root of a subtree. Each subtree is a partition of the whole DNS database called a domain. Each domain can be divided into smaller sub-domains called subdomains.

The top-level domains:

Because the existing domain names were becoming overloaded, new top-level domains were created. The following table lists the new top-level domains.

In addition, each country also has its own top-level domain. The following table lists some top-level domains of various countries around the world.

2. DNS features in Windows Server 2003

- Conditional forwarder: lets the Name Server forward resolution requests according to the domain name in the query.

- Stub zone: supports a more efficient resolution mechanism.
- DNS zone replication in Active Directory: synchronises DNS zones within Active Directory.
- Provides several security mechanisms that are better than those of earlier Windows systems.
- Round Robin: rotates through Resource Records of the same type.
- Event Viewer: provides many mechanisms for logging and tracking DNS errors.
- Supports the DNS Security Extensions (DNSSEC) protocol, which provides security features for storing and replicating zones.
- Provides EDNS0 (Extension Mechanisms for DNS), which lets a DNS requestor advertise zone transfer packets larger than 512 bytes.

3. How domain management data is distributed

The top-level domains are managed by the Root Name Servers (.) on the Internet, referred to as the Root Hints. The host names and IP addresses of these Name Servers are published for everyone to know, and the servers are very carefully protected (with military guard). The path of the file holding the Root Hints on a Name Server is %SystemRoot%\System32\DNS\cache.dns; this file is called the root name server hints file. These Name Servers are located all over the world. The following table lists the names and IP addresses of the Root Name Servers.

[Figure: location of the 13 root name servers on the world map]

There are two kinds of DNS server:
- Primary name server: the main DNS server, on which records can be added to, deleted from and modified in the DNS database.
- Secondary name server: the backup DNS server, holding a copy of the Primary's database. It is not allowed to change the DNS database. If the Primary name server fails, the Secondary is used to resolve names. If, after 24 hours, the Secondary name server has not been promoted to Primary name server, its DNS database expires and from then on it can no longer resolve names.

Usually these Name Servers operate under a Load Balancing or Cluster scheme to improve performance and fault tolerance.

[Figure: DNS cluster model]

4. Name resolution mechanism

The DNS service has two main functions: resolving name --> IP and IP --> name.

4.1 Resolving a name to an IP address

A Root Name Server is the server that manages the name servers at the top-level-domain level. When a query for some domain name arrives, the Root Name Server supplies the name and IP address of the name server managing that top-level domain (in practice most root servers are also the servers managing the top-level domains); in turn, the name servers of the top-level domain supply the list of name servers authoritative for the second-level domain the queried domain belongs to, and so on until the server managing the queried domain name is found. This process shows how important the Root Name Servers are to domain name resolution: if the Root Name Servers on the Internet were unable to communicate with one another, no name-resolution request could be carried out.

Example: a client wants to reach the Yahoo! website, so it asks for the IP address of the web server hosting the Yahoo! site. The client first looks in its own cache; if the entry is not there it sends a query to the local DNS server (if the internal network has one). The local DNS server likewise looks in its cache; if it has the entry it sends the requested IP address to the client, otherwise it sends the query to the nearest Root Name Server it knows. That Root Name Server replies with the IP address of the Name Server managing the .com domain. The local DNS server then asks the .com name server for the address of the yahoo.com domain. Finally the local DNS server queries the server managing the Yahoo! domain and receives the answer.

There are two kinds of query:
- Recursive query: when a Name Server receives this kind of query, it must return the result it finds or report an error if the query cannot be resolved. The Name Server cannot refer the client to another Name Server. It may send recursive or iterative queries to other Name Servers, but it has to keep going until it has a result.

[Figure: the DNS server checks its cache and forward lookup zone and sends the query on]

[Figure: Recursive query]

- Iterative query: when a Name Server receives this kind of query, it answers the Resolver with the best information it has at that moment. The Name Server itself performs no further queries. The returned information may come from local data (including the cache). If the Name Server finds nothing in its local data, it returns the domain name and IP address of the nearest Name Server it knows of.

[Figure: Iterative query]

In summary:
- A query from Resolver ---> DNS Server is a recursive query.
- A query from DNS Server ---> DNS Server is an iterative query.

4.2 Resolving an IP address to a host name

To resolve the host name of an IP address, the domain name space is extended with a branch that is indexed by IP address. This part of the name space has the domain name in-addr.arpa. Each node in the in-addr.arpa domain has a label that is a decimal octet of the IP address. For example, the in-addr.arpa domain can have 256 subdomains corresponding to the 256 values 0 --> 255 of the first byte of the IP address. Each of these subdomains in turn has 256 subdomains for the second byte, and so on down to the fourth byte, where the records give the full domain names of the computers or networks with the corresponding IP addresses.

5. Some basic concepts

5.1 Domain Name and Zone

A domain can have one or more child domains inside it, called subdomains. For example, the domain com has many subdomains such as vnnetpro.com, yahoo.com, google.com, ... You can delegate control of them to other DNS Servers. The domains and subdomains that a DNS Server manages are called a Zone. A zone can therefore consist of one domain and one or more subdomains.
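As an added example (not part of the original document), the following Python code builds the in-addr.arpa owner names described in section 4.2, derives the reverse zone name for an octet-aligned network, writes a PTR record, and checks that a PTR answer is confirmed by the matching A record; it also goes beyond the text by handling IPv6 names under ip6.arpa. The host names and addresses are constructed sample data, not records from the page.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Build the reverse-lookup owner name for an IP address.

    IPv4 addresses map into in-addr.arpa with the four decimal octets
    reversed (section 4.2); IPv6 addresses map into ip6.arpa with one
    reversed hex nibble per label (the IPv6 case goes beyond the text).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")      # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone_for_network(cidr: str) -> str:
    """Name of the reverse zone that holds a /8, /16 or /24 IPv4 network,
    e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks map to one reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_record(ip: str, hostname: str) -> str:
    """Render the PTR record line that answers a reverse lookup for ip."""
    host = hostname if hostname.endswith(".") else hostname + "."
    return f"{reverse_name(ip)} IN PTR {host}"

# Constructed forward data (assumed, not from the page): the A records the
# reverse zone is expected to agree with.
SAMPLE_A_RECORDS = {
    "dns.vnnetpro.com.": {"192.168.1.2"},
    "server1.vnnetpro.com.": {"172.29.14.1"},
}

def forward_confirmed(ip: str, ptr_target: str, a_records=SAMPLE_A_RECORDS) -> bool:
    """Forward-confirmed reverse DNS: the name a PTR returns is trusted only
    if that name's A record contains the IP we started from."""
    return ip in a_records.get(ptr_target, set())

if __name__ == "__main__":
    print(reverse_zone_for_network("192.168.1.0/24"))
    print(ptr_record("192.168.1.2", "dns.vnnetpro.com"))
    print(forward_confirmed("192.168.1.2", "dns.vnnetpro.com."))
```

The forward-confirmation step is the check a log-analysis or access-control tool should apply before trusting a reverse lookup, since anyone who controls a reverse zone can put any name into a PTR record.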

[Figure: Zone and Domain]

Zone types:
- Primary zone: allows reading and writing the database.
- Secondary zone: a copy of the Primary zone's DNS database, obtained by the zone transfer process (the primary zone must allow the transfer).

- Stub zone: holds a copy of some zone's DNS database but contains only a few resource records.

5.2 Delegation

One of the design goals of the DNS system is distributed management through the delegation mechanism (delegation control). A domain can be organised into many subdomains, each of which can be delegated to another organisation, which is then responsible for maintaining the information in that subdomain. The parent domain then only needs a pointer that refers queries for the subdomain to it.

5.3 Forwarder

A technique that lets the local DNS Server pass query requests on to other DNS Servers to resolve external domains.

[Figure: Forwarding DNS queries]

In the model above, when the Internal DNS server receives a query from Computer1, it checks whether it can resolve that domain name; if not, it passes the request up to the Forwarder DNS Server (multihomed) and asks that Name Server to resolve it on its behalf. After processing, the Forwarder DNS Server either answers the Internal DNS Server or forwards the request on to other Name Servers on the Internet.

5.4 Stub Zone

A zone holding a copy of DNS database data from the Master Name Server. A Stub zone contains only the essential resource records, namely A, SOA and NS, plus one or more addresses of the Master Name Server, to support the mechanism for updating the Stub zone, the mechanism for authenticating Name Servers in the zone, and a more efficient domain-name resolution mechanism that simplifies administration.

5.5 Resolver

Resolvers are the clients that query Name Servers. Any computer that needs to look up Domain Name information uses a Resolver. The Resolver has three roles:
- Querying a Name Server.
- Interpreting Responses.
- Returning the information to the programs that requested it.

5.6 Dynamic DNS

Dynamic DNS is a way of mapping a domain name --> an IP address that changes frequently. Dynamic DNS provides a special program, called the dynamic DNS client, that runs on the computer of the user of the dynamic DNS service. This program watches for changes in the host's IP address, contacts the DNS system whenever the host's IP address changes, and then updates the DNS database with the new address. The DNS client registers and updates its resource records by sending dynamic updates.

[Figure: Dynamic update]

DHCP Servers register and update resource records on behalf of clients.

[Figure: DHCP Server performing a dynamic update]

[Figure: DHCP & DNS interaction for pre-Windows 2000 clients]

[Figure: DHCP and DNS interaction]

5.7 Caching

DNS Servers and clients keep the results of queries (caching) so that on the next query they look in the cache first; if the entry is there, they answer immediately without querying again. This makes the network faster (better performance).

5.8 Time to live (TTL)

Data cached on a DNS server or client does not live forever, because the real data may be changed by the Primary Name Server responsible for it. The TTL is the time for which DNS Servers or clients are allowed to cache a query result; after it elapses they must discard the cached entry and fetch fresh information by querying again. The administrator can change this TTL value when declaring the TTL for the data.

5.9 Active Directory Integrated Zone

Using an Active Directory Integrated Zone has several advantages:
- Security: the DNS database is integrated with Active Directory, so transfers no longer use plaintext; the data is encrypted together with the AD database.
- Replication: the AD replication mechanism is used to update and replicate the DNS database.
- Secure Dynamic Update can be used.
- Several Master Name Servers can manage the Domain Name instead of just one Master Name Server.

[Figure: Active Directory Integrated zone model using Secure Dynamic Update]

[Figure: Secure Dynamic Update]

6. Types of Domain Name Server

6.1 Primary Name Server

Every Domain must have one Primary Name Server. This server is registered on the Internet to manage the Domain; everyone on the Internet knows its host name and IP address. The DNS administrator organises the DNS databases on the Primary Name Server. This server plays the main role in resolving all the computers in the Domain or Zone.

6.2 Secondary Name Server

Each Domain has one Primary Name Server managing its DNS database. If that server stops working for any reason, DNS resolution is interrupted. To avoid this, a backup server called the Secondary Name Server (also called the Slave) is set up. When the Secondary Name Server starts, it looks for a Primary Name Server it is allowed to fetch data from and copies the whole DNS database of the Primary Name Server it is permitted to transfer from (this process is called a Zone Transfer). At an interval set by the administrator, the Secondary Name Server copies and updates its database from the Primary Name Server.

The steps of a Zone transfer:

[Figure: Zone Transfer]

6.3 Caching Name Server

A Caching Name Server has no database files at all. Its function is to resolve host names on remote networks through other Name Servers. It stores the information it has resolved before and reuses it in order to:
- Speed up resolution by using the cache.
- Reduce the name-resolution load on the Name Servers.
- Reduce traffic on large networks.

The process of querying and caching on a computer:

[Figure: Cache table]

7. Resource Records (RR)

An RR is a unit of information describing the DNS database; these records are stored in the DNS database files (%systemroot%\system32\dns).

7.1 SOA (Start of Authority)

Every database file must contain exactly one SOA record. The SOA record states that the Primary Name Server is the authoritative source of information for the data in the zone. Syntax of an SOA record:

    [domain-name] IN SOA [DNS-Server-name] [email-address] ( Serial number; Refresh number; Retry number; Expire number; Time-to-live number )

Example:

    vnnetpro.com. IN SOA server1.vnnetpro.com. sangnt.vnnetpro.com. (
            1       ; serial
            10800   ; refresh after 3 hours
            3600    ; retry after 1 hour
            604800  ; expire after 1 week
            86400 ) ; minimum TTL of 1 day

Explanation of the example:
- Domain name: vnnetpro.com. must be in the first column and end with a dot (.).
- IN means Internet.
- server1.vnnetpro.com is the FQDN of the Primary Name Server for this data.
- sangnt.vnnetpro.com is the e-mail address of the person responsible for this data; note that in the e-mail address the @ is replaced by a dot.
- The parentheses ( ) allow the record to be spread over several lines; all the parameters inside ( ) are used by the Secondary Name Servers.

The fields in the SOA record syntax:
+ Serial: applies to all data in the zone and is an integer. In the example it is 1, but normally a date-based format such as 2007092001 is used, in the form yyyymmddnn, where nn is the number of times the zone data has been modified that day. Whatever the format, this number must always be increased every time the zone data is modified. When a Secondary Name Server contacts the Primary Name Server, it first asks for this serial. If the Secondary's serial is lower than the Primary's, the Secondary's data is stale and the Secondary copies the new data from the Primary to replace what it has.
+ Refresh: the interval at which the Secondary checks the zone data on the Primary and updates if necessary. In the example, every 3 hours the Secondary server contacts the Primary server to update if there are changes. This value varies with how often the zone data changes.
+ Retry: if the Secondary cannot connect to the Primary within the period described by refresh (for example, the Primary was shut down at the time), the Secondary retries the connection at the interval defined by retry. This value is normally smaller than refresh.
+ Expire: if, after this period, the Secondary has not been able to fetch new information from the Primary, its copy of the zone expires. Once expired, the Secondary no longer answers any query about that zone. The expire value must be larger than both refresh and retry.
+ TTL: this value applies to every record in the zone and is attached to the information returned for a query. Its purpose is to indicate how long other DNS Servers may cache the answer, which reduces DNS query traffic on the network.

7.2 NS (Name Server)

The next record needed in a zone is the NS (Name Server) record. Each Name Server for the zone has one NS record. Syntax:

    [domain-name] IN NS [DNS-Server-Name]

Example: the NS records

    vnnetpro.com. IN NS dnsserver1.vnnetpro.com.
    vnnetpro.com. IN NS dnsserver2.vnnetpro.com.

state that the domain vnnetpro.com has two Name Servers, dnsserver1.vnnetpro.com and dnsserver2.vnnetpro.com.

7.3 A (Address) and CNAME (Canonical Name)

An A (Address) record maps a host name to an IP address. A CNAME (Canonical Name) record creates an alias pointing to a canonical name. The canonical name is a host name that has an A record, or that in turn points to another canonical name. Syntax:

    [host-name] IN A [IP-address]

Example: A records in the file db.vnnetpro

    server1.vnnetpro.com. IN A 172.29.14.1
    dns.vnnetpro.com.     IN A 172.29.14.4
    ; Multi-homed host
    server.vnnetpro.com.  IN A 172.29.14.1
    server.vnnetpro.com.  IN A 192.253.253.1

7.4 AAAA

Maps a host name to an IP version 6 address. Syntax:

    [host-name] IN AAAA [IPv6-address]

Example:

    Server IN AAAA 1243:123:456:789:1:2:3:456ab

7.5 SRV

Provides a service-location mechanism; Active Directory uses this resource record to locate Domain Controllers, Global Catalog Servers, Lightweight Directory Access Protocol (LDAP) servers, ... The components of an SRV record:
- Service name
- Protocol used
- Domain Name
- TTL and class
- Priority
- Weight (supports Load Balancing)
- Port of the service
- Target, specifying the FQDN of the host providing the service.

Example:

    _ftp._tcp.somecompany.com. IN SRV 0 0 21 ftpsvr1.somecompany.com
    _ftp._tcp.somecompany.com. IN SRV 10 0 21 ftpsvr1.somecompany.com

7.6 MX (Mail Exchange)

DNS uses the MX record for routing mail across the Internet. Originally mail routing relied on two records: the MD (Mail Destination) record and the MF (Mail Forwarder) record. MD indicated the final destination of a mail message for a given domain name; MF indicated an intermediate server that would relay mail until it reached the final destination server. This arrangement did not work well, so the two were merged into a single record, MX. On receiving mail, the mail transfer program (mailer) uses the MX record to decide the route of the mail. An MX record names a Mail Exchanger for a domain. A Mail Exchanger is a server that either delivers mail to local mailboxes or acts as a gateway to another mail transport protocol such as UUCP, or relays mail to the nearest other Mail Exchanger (an intermediate Mail Server) on the way to the final destination server, using SMTP. To avoid mail loops, the MX record carries, besides the domain name of the Mail Exchanger, an additional value: a reference number. This is an unsigned 16-bit integer (0-65535) giving the preference order of the Mail Exchangers. Syntax:

    [domain-name] IN MX [priority] [mail-host]
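The following Python zone-file reader is an added example, not code from the original document. It parses the record shapes shown in section 7 (including the multi-line SOA form with ; comments), applies the SOA timer rules of thumb given in 7.1 (retry below refresh, expire above both), recognises the yyyymmddnn serial convention, compares serials the way a secondary does, and orders MX hosts by preference. The sample zone text is constructed for the example; its serial, hosts and addresses are assumed values.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample zone modelled on the record shapes of section 7
# (SOA, NS, A, CNAME, SRV, MX). Assumed data, not a real zone.
SAMPLE_ZONE = """
vnnetpro.com.  IN SOA server1.vnnetpro.com. sangnt.vnnetpro.com. (
        2007092001 ; serial
        10800      ; refresh after 3 hours
        3600       ; retry after 1 hour
        604800     ; expire after 1 week
        86400 )    ; minimum TTL of 1 day
vnnetpro.com.  IN NS  dnsserver1.vnnetpro.com.
vnnetpro.com.  IN NS  dnsserver2.vnnetpro.com.
server1.vnnetpro.com.    IN A     172.29.14.1
www.vnnetpro.com.        IN CNAME server1.vnnetpro.com.
_ldap._tcp.vnnetpro.com. IN SRV   0 100 389 server1.vnnetpro.com.
vnnetpro.com.  IN MX 10 mailserver.vnnetpro.com.
vnnetpro.com.  IN MX 1  listo.vnnetpro.com.
vnnetpro.com.  IN MX 1  hep.vnnetpro.com.
"""

@dataclass
class Record:
    owner: str
    rtype: str
    rdata: list

def parse_zone(text: str) -> list:
    """Parse 'owner IN TYPE rdata...' lines. ';' starts a comment and
    parentheses let one record (typically the SOA) span several lines."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop the comment
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue                                # still inside ( ... )
        fields = " ".join(buf).split()
        buf = []
        if not fields:
            continue
        if len(fields) < 4 or fields[1] != "IN":
            raise ValueError(f"malformed record: {' '.join(fields)}")
        records.append(Record(fields[0], fields[2], fields[3:]))
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone")
    return records

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def soa_of(records: list) -> dict:
    """Section 7.1: a zone file must hold exactly one SOA record."""
    soas = [r for r in records if r.rtype == "SOA"]
    if len(soas) != 1:
        raise ValueError("a zone must contain exactly one SOA record")
    vals = soas[0].rdata
    return dict(zip(SOA_FIELDS, vals[:2] + [int(v) for v in vals[2:]]))

def check_soa_timers(soa: dict) -> list:
    """Return the list of violated rules of thumb (empty means OK)."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be smaller than refresh")
    if soa["expire"] <= max(soa["refresh"], soa["retry"]):
        problems.append("expire must exceed refresh and retry")
    return problems

def serial_is_dated(serial: int) -> bool:
    """True when the ser follows the yyyymmddnn convention."""
    s = str(serial)
    if len(s) != 10:
        return False
    try:
        datetime.strptime(s[:8], "%Y%m%d")
    except ValueError:
        return False
    return True

def secondary_needs_transfer(secondary_serial: int, primary_serial: int) -> bool:
    """A secondary copies the zone when its serial is lower than the primary's."""
    return secondary_serial < primary_serial

def mx_delivery_order(records: list, domain: str) -> list:
    """Mail exchangers grouped by preference, lowest first; hosts within one
    group are equal candidates that a mailer chooses among at random."""
    groups = {}
    for r in records:
        if r.rtype == "MX" and r.owner == domain:
            groups.setdefault(int(r.rdata[0]), []).append(r.rdata[1])
    return [(pref, sorted(hosts)) for pref, hosts in sorted(groups.items())]

if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    soa = soa_of(recs)
    print(soa, check_soa_timers(soa), mx_delivery_order(recs, "vnnetpro.com."))
```

A zone whose timers fail check_soa_timers is the kind of misconfiguration that lets a secondary keep serving stale data after the primary has been out of reach for too short, or too long, a period; the serial comparison is the same test a secondary makes before it starts a zone transfer.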

Example:

    vnnetpro.com. IN MX 10 mailserver.vnnetpro.com.

states that the server mailserver.vnnetpro.com is a Mail Exchanger for the domain vnnetpro.com with preference 10. Note: these values are meaningful only relative to each other. For example, with the two MX records

    vnnetpro.com. IN MX 1 listo.vnnetpro.com.
    vnnetpro.com. IN MX 1 hep.vnnetpro.com.

the mailer tries to deliver to the Mail Exchanger with the lowest preference value first. If delivery fails, the Mail Exchanger with the next preference is chosen. When several Mail Exchangers share the same preference, the mailer picks one of them at random.

Note: create MX records only when you want e-mail from the outside Internet to be delivered to your system's Mail Exchanger. When e-mail arrives, the sender asks the DNS Server for the IP address of this system's Mail Server; the DNS Server answers by looking up the MX record, and the mail is then forwarded to the Mail Server. Local users then collect their mail from the Mail Server using POP3.

8. Starting and stopping the DNS service

To start and stop the DNS service on the local machine, use the command line net start/stop service_name.

- Stopping the DNS service:

    C:\> net stop dns
    The DNS Server service is stopping.
    The DNS Server service was stopped successfully.

- Starting the DNS service:

    C:\> net start dns
    The DNS Server service is starting.
    The DNS Server service was started successfully.

To start and stop the service on remote machines, use the sc command. On Windows NT this utility is part of the Resource Kit; on Windows Server 2003 it ships with Windows. To operate on remote machines in the local network, use the following commands:

- Stopping the DNS service on the machine dnsserver in the local network:

    C:\> sc \\dnsserver stop dns
    SERVICE_NAME: dns
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 3  STOP_PENDING
                                    (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x1
            WAIT_HINT          : 0x7530

- Starting the DNS service on the machine dnsserver in the local network:

    C:\> sc \\dnsserver start dns
    SERVICE_NAME: dns
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 2  START_PENDING
                                    (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x7d0

Note the START_PENDING line: this is the message that the DNS service has been started successfully.

To clear the DNS cache on the machine dnsserver, type:

    C:\> dnscmd matrix /clearcache

9. Structure of a DNS packet

[Figure: Structure of a DNS packet]

Of the fields in the DNS packet structure above, four are of interest when security is discussed, marked in grey in the figure:

1. Transaction ID: a random number used to match a response to its query. When the client receives a response from the server, it checks whether the transaction ID matches the one it originally sent.
2. Answer Resource Record structures: the content of the DNS Server's answer, taken from the resource records (RR) on that DNS Server.
3. Authority Resource Record structures: contains one of two kinds of record, SOA or NS, certifying the owner of the RR(s) given in the answer section.
4. Additional Resource Record structures: extra resource records sent along to the receiver.

Note: if two responses arrive, the client handles them as follows: whichever arrives first is accepted, and the one that arrives afterward is discarded. This is precisely the weakness exploited by cache-poisoning attacks. The criterion for deciding whether a response is valid is based on the parameters of the request the client originally sent: the client accepts only responses with the same IP address, port number and transaction ID as the request it sent. For example, according to the following table, the response packet would be accepted:

10. Weaknesses of DNS

An ordinary client trusts the resolution information that its DNS Server provides. So if the DNS Server is attacked with the aim of changing the resolution information it returns to clients, the clients receiving that tainted information are in real danger. In practice, DNS Servers are usually attacked in the following ways:

1. Modifying the zone file.
2. Forging the zone file during synchronisation between DNS servers.
3. Forging the IP information sent to the client.

These methods give rise to the following kinds of attack:

* Cache poisoning attack

As discussed in the theory section above, a DNS Server caches the resolution information it returns (in the cache on the DNS Server) so that later resolutions are faster. Attackers exploit this mechanism to poison the DNS Server's cache. There are several ways to do this:

- Method 1: set up a rogue DNS Server carrying malicious records.

[Figure: poisoning a DNS Server's cache using a rogue DNS Server]

The attacker's aim is to make clients resolving a particular name get a forged IP address; for example, a client resolving www.cnn.com is given the fake IP 66.66.66.66. The attacker can achieve this with the following steps:

1. Set up a rogue DNS Server, say ns.attacker.com.
2. The attacker then sends a query to the victim's DNS Server (call it ns.victim.com), asking it to resolve www.attacker.com.
3. The victim's DNS Server, which at this point has no cached record for www.attacker.com, contacts the attacker's rogue server ns.attacker.com to obtain the answer for www.attacker.com.
4. ns.attacker.com answers ns.victim.com with www.attacker.com = 44.44.44.44. At the same time, another record, www.cnn.com = 66.66.66.66, is added to the reply in the Additional Resource Record section (see the DNS packet structure above).
5. Having received this reply from ns.attacker.com, ns.victim.com answers the attacker with www.attacker.com=44.44.44.44. But by now ns.victim.com has cached both www.attacker.com=44.44.44.44 and www.cnn.com=66.66.66.66.
6. The www.attacker.com record is returned to the attacker, but that was never the real goal; the goal was to plant false information in the victim DNS Server's cache.
7. For as long as the forged record remains in the victim server's cache, queries for www.cnn.com are redirected to 66.66.66.66, which may be a machine under the attacker's control; traffic meant for www.cnn.com is forwarded by the attacker to the real www.cnn.com and back, so the end client never notices the man-in-the-middle machine.

- Method 2: send a spoofed reply to the victim client with the help of a sniffer.

Instead of setting up a rogue DNS Server, an attacker who can place himself between the client and the DNS Server can intercept the client's requests to the DNS Server and then send the client a reply containing false information.

[Figure: poisoning the DNS cache by sniffing]

Recall that the client accepts only reply packets whose parameters match those it originally sent: Transaction ID, IP address and port number. To learn these parameters the attacker can sniff and capture the packets on the network. With the full set of parameters, the attacker can forge a DNS reply and send it to the client, its content carrying false information serving the attacker's purpose. The limitation of this method is that the attacker's reply must arrive before the DNS Server's legitimate reply; if the legitimate reply arrives first, the attack fails, because the client accepts the first valid reply and ignores later ones. Attackers have several ways of improving their odds; one is a denial-of-service (DoS) attack to slow the DNS Server down. Because the packets have to be captured to obtain the parameters of the DNS request, and capturing them is hard in a switched network, an ARP spoofing attack has to be carried out first.

- Method 3: send a large number of spoofed replies to the victim client.

The attack technique based on spoofing the DNS ID requires the attacker to know exactly the transaction ID of the exchange between client and server. This can be achieved by sending a very large number of reply packets with different Transaction IDs to the client, hoping that one of them will be valid. In practice the ID occupies only 2 bytes, so there are only 65525 possibilities in total. Therefore, by sending 65525 reply packets (each with a different ID), one of them is sure to match the Transaction ID of the exchange between client and server, and the victim machine can be flooded at the same time. This technique is called a birthday attack because it rests on the Birthday Paradox, by which the probability that two or more people among 23 share a birthday is greater than 0.5. With this attack the attacker does not need to sniff the Transaction ID of the client-server exchange. Its problem is knowing when to launch the birthday attack, that is, how to know when the client performs a DNS query; that is what makes this method difficult.

- Method 4: the attacker sends a large number of spoofed replies to the DNS Server.

In method 3 the attacker cannot know when the client makes a query. In practice, however, the attacker can make the query himself and then send forged replies to the DNS Server, which then holds the poisoned information.

[Figure: poisoning the DNS cache with a birthday attack]

In the model above the attacker's goal is to redirect resolution of www.cnn.com to the IP address 66.66.66.66. The steps are:

1. The attacker sends the victim DNS Server a query to resolve www.cnn.com.
2. On receiving this query, the server sends a query to ns.cnn.com asking it to resolve www.cnn.com and waits for the response.
3. During this waiting period the attacker forges the reply himself and sends it to the DNS Server; it carries the fake address 66.66.66.66 for www.cnn.com.
4. The DNS Server's cache is now poisoned. From this moment on, every query for the IP address of www.cnn.com returns 66.66.66.66, a machine under the attacker's control.

The obstacle for this method is that the reply must carry the same Transaction ID and port number that the victim DNS Server is using. For the Transaction ID the attacker uses the birthday attack. As for the port, the source port a DNS Server uses hardly changes from one client to the next. Exploiting this, the attacker first asks the victim DNS Server to resolve a name in some domain the attacker controls; when the query arrives at the attacker's machine, it reveals which source port the victim DNS Server is using. Based on this calculation, and knowing the source port, the attacker sends 650 requests and 650 forged replies to the victim DNS Server. The success rate of this attack method is about 96%.

* Buffer overflow attack

An attack on the DNS Server's buffer memory in order to execute commands on that server. The response packet need not contain obviously malicious data (such as an overlong name or an oversized packet), yet it can overflow the victim's buffer and allow privilege escalation on that machine. With the access obtained, the attacker can modify the information in the zone file.

* Zone transfer attack

The aim of this attack is to push incorrect information to the backup (slave) server through the normal zone transfer process between the primary and the backup server. A zone transfer attack proceeds as follows:

1. First, the attacker carries out a man-in-the-middle attack so as to interpose himself in the exchange between the primary server and the backup server.
2. When the backup server asks the primary server for a zone transfer, the attacker blocks the request from reaching the primary and returns forged information to the backup server.
3. The backup server now holds the attacker's forged information.
4. The attacker then launches a denial-of-service attack on the primary server.
5. The backup server now takes over the role of the primary and starts serving DNS to clients.
6. The clients then receive poisoned information from the DNS Server.

To prevent this, DNS Servers use an access control list containing only the IP addresses of the primary servers allowed to perform zone transfers.

* Denial of Service attack

A common kind of attack in which a flood of requests swamps the server, making it too slow to accept legitimate requests. In DNS, however, a DoS can also be achieved using certain kinds of resource record in the zone file. Specifically, the Name Server (NS) record identifies the authoritative name server for a domain, for example ibm.com IN NS ns.ibm.com. If an attacker can poison a DNS Server's cache with an NS record such as ibm.com IN NS ns.attacker.com, the server will refer to ns.attacker.com for every client query about addresses under ibm.com, and so will deny all clients the services provided by ibm.com. Likewise the Canonical Name (CNAME) record, which maps an alias to a real name, can be used. Specifically, an attacker can poison a DNS Server's cache with a CNAME record such as www.vnnetpro.com IN CNAME www.vnnetpro.com, which refers to itself; when a client asks for the address of www.vnnetpro.com, the query can loop forever.

* Dynamic update attack

In some cases, after zone files on the DNS Server are edited, the server is restarted for the changes to take effect. But when the volume of changes is very large, the server no longer operates as normally as before. To change zone data efficiently, the dynamic update feature is used (see RFC 2136 [3]), which allows records on the DNS Server to be changed automatically (for example added and deleted) while the service keeps running without interruption.

With this feature the name server accepts update information from outside sources or from applications, so that the information is updated automatically. Dynamic update is mainly used by machines running the DHCP service: after assigning a new IP to a client, the DHCP Server uses the dynamic update protocol to update the host name with the matching IP address. Unfortunately the dynamic update process is not secured: an attacker can easily alter the zone data on the DNS Server by continuously sending dynamic update packets (over UDP).

11. Securing the DNS Server

- Prevent unauthorised zone transfers with an Access control list: only machines whose IP addresses are on the list may perform zone transfers with the primary DNS Server.
- Disable recursion on delegated Name Servers by ticking Disable recursion (which also disables forwarders) on the Advanced tab. By default a name server supports recursion; we turn it off because name servers talk to one another non-recursively anyway.
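As an added example (not from the original document), the Python code below models the acceptance rules from section 9 and the defences relevant to the cache-poisoning and record-injection cases of section 10: a reply is matched on transaction ID, server IP and destination port; new queries randomise both the transaction ID and the source port, so a blind spoofer has far more than 16 bits to guess; and records accepted into the cache are restricted to the zone the queried server is responsible for (a bailiwick check), with self-referencing CNAMEs refused. The scenario data (the address 44.44.44.1 for ns.attacker.com and the port numbers) is assumed; the names and the 44.44.44.44 / 66.66.66.66 addresses are the page's own illustrative values.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class RR:
    name: str       # owner name, fully qualified with trailing dot
    rtype: str
    rdata: str

@dataclass
class PendingQuery:
    txid: int
    src_port: int   # UDP source port the resolver sent from
    server_ip: str  # name server the query was sent to
    qname: str
    bailiwick: str  # zone that server is responsible for, e.g. "attacker.com."

@dataclass
class Response:
    txid: int
    src_ip: str     # address the reply claims to come from
    dst_port: int   # port the reply was delivered to
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)

def new_query(server_ip: str, qname: str, bailiwick: str) -> PendingQuery:
    """Randomise both the 16-bit transaction ID and the source port. The text
    notes that a server reusing one source port leaves only the ID to guess;
    a random port adds roughly another 16 bits to a blind spoofer's search."""
    return PendingQuery(
        txid=secrets.randbelow(1 << 16),
        src_port=1024 + secrets.randbelow(65536 - 1024),
        server_ip=server_ip, qname=qname, bailiwick=bailiwick)

def matches_query(pending: PendingQuery, resp: Response) -> bool:
    """Section 9: accept a reply only if IP, port and transaction ID all match."""
    return (resp.txid == pending.txid
            and resp.src_ip == pending.server_ip
            and resp.dst_port == pending.src_port)

def in_bailiwick(name: str, zone: str) -> bool:
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)

def cacheable_records(pending: PendingQuery, resp: Response) -> tuple:
    """Return (accepted, rejected). Records whose owner lies outside the zone
    the queried server is responsible for are dropped (this is what defeats
    the smuggled www.cnn.com record in method 1), as are CNAMEs that point
    at themselves (the looping record from the DoS discussion)."""
    accepted, rejected = [], []
    for rr in resp.answer + resp.authority + resp.additional:
        if not in_bailiwick(rr.name, pending.bailiwick):
            rejected.append((rr, "out of bailiwick"))
        elif rr.rtype == "CNAME" and rr.rdata.lower() == rr.name.lower():
            rejected.append((rr, "CNAME points to itself"))
        else:
            accepted.append(rr)
    return accepted, rejected

def process_response(pending: PendingQuery, resp: Response):
    """None means the reply was ignored, as the text describes for mismatches."""
    if not matches_query(pending, resp):
        return None
    return cacheable_records(pending, resp)

def demo():
    """Constructed scenario mirroring section 10, method 1: the reply for
    www.attacker.com carries an extra www.cnn.com record in Additional.
    44.44.44.1 and the ports are assumed values."""
    q = PendingQuery(txid=0x1234, src_port=53000, server_ip="44.44.44.1",
                     qname="www.attacker.com.", bailiwick="attacker.com.")
    reply = Response(
        txid=0x1234, src_ip="44.44.44.1", dst_port=53000,
        answer=[RR("www.attacker.com.", "A", "44.44.44.44")],
        authority=[RR("attacker.com.", "NS", "ns.attacker.com.")],
        additional=[RR("ns.attacker.com.", "A", "44.44.44.1"),
                    RR("www.cnn.com.", "A", "66.66.66.66")])
    return process_response(q, reply)

if __name__ == "__main__":
    accepted, rejected = demo()
    print("cached:", [r.name for r in accepted])
    print("dropped:", [(r.name, why) for r, why in rejected])
```

The bailiwick rule is what lets a caching server keep the useful glue (ns.attacker.com) from the reply while refusing the out-of-zone www.cnn.com record; the port and ID randomisation in new_query addresses the fixed-source-port weakness the text describes for method 4.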

12. DNS in an Active Directory environment

Because Active Directory's naming scheme uses DNS, the system must have a DNS Server to resolve names for Active Directory, so the DNS Server has to be configured before Active Directory is built. In a system that already has Active Directory, a failing DNS Server means that client machines can no longer reach the Domain Controller. Note: in a local network, having DNS does not require Active Directory, but an Active Directory environment absolutely requires DNS.

The question is whether to build a complete DNS first and then promote the Domain, or to let the system integrate DNS itself during the Domain promotion. My answer is that you should build a complete DNS first and only then promote the Domain. Why must it be done in this order? To sangnt's own knowledge, as far as performance goes I do not know what the difference would be (I have not had a real system to test on), but in terms of stability a system whose DNS was built first is very stable, whereas if DNS is integrated during the Domain promotion the system runs for a while and then seizes up (in this case DNS turns itself into the root DNS of the local system, runs for a short time and then fails, so the computers cannot log on to the Domain because they cannot resolve the Domain name). Another point sangnt wants to raise: after building a complete DNS and promoting the Domain, you should integrate the DNS database into Active Directory right away. When DNS is integrated with AD (the DNS must be the Primary DNS Server), the Zone Transfer process is encrypted using Active Directory's built-in security features; with DNS that is not integrated, the Zone Transfer is not encrypted.

13. Distinguishing DNS built before the Domain promotion from DNS integrated during the promotion

Have you ever wondered how to tell the difference between DNS built beforehand and DNS built during dcpromo? Sangnt points out that the difference shows up in the following details. Call DNS built beforehand A, and DNS integrated during dcpromo B.

1. During dcpromo:

A - The DNS check succeeds
B - A message says the DNS service is not installed
A - DNS is not installed during dcpromo
B - dcpromo installs and configures DNS itself
2. Inside the DNS structure
A - Simple DNS organization
B - Complex DNS organization (note the part circled in red)

14. Telling an AD-integrated DNS database apart from a non-integrated one
The difference between DNS integrated with AD and DNS not integrated with AD is not only visible in what you can see on screen (the database path and the zone structure) but also in how they operate.
1. Database path

DNS not integrated with Active Directory: %systemroot%\system32\dns
DNS integrated with Active Directory: %systemroot%\NTDS

Illustration: DNS not integrated with AD
2. The General tab of the zone's Properties
DNS before AD integration
DNS after AD integration
3. Zone transfer
When DNS is integrated with AD (the DNS server must be the Primary DNS Server), zone transfers are encrypted using Active Directory's built-in security features; with non-integrated DNS, zone transfers are not encrypted.

15. Steps to build a complete DNS before running dcpromo
1. Change the DNS suffix
Before configuring the DNS service, change the DNS suffix of the DNS server to avoid a Name Server error later.
1. Start --> right-click My Computer --> Properties (or Start --> Run and type sysdm.cpl)
2. Computer Name tab --> Change --> More
3. Enter the DNS suffix as a second-level DNS name; the suffix is the same as the domain name. For example, I set the DNS suffix to the domain name vnnetpro.com
4. Click OK twice and restart the machine.
2. Create the Forward Lookup Zone: the forward lookup zone resolves host names to IP addresses.
1. Right-click Forward Lookup Zones --> New Zone
2. Zone type: choose Primary Zone --> Next
3. Zone name: enter the domain name vnnetpro.com --> Next --> Next
4. Choose Allow both nonsecure and secure dynamic updates
5. Click Finish.
3. Create the Reverse Lookup Zone: the reverse lookup zone works the other way round, resolving IP addresses to host names.
1. Right-click Reverse Lookup Zones --> New Zone
2. Zone type: choose Primary Zone --> Next
3. Zone name: use the network ID 192.168.1 --> Next --> Next
4. Allow both nonsecure and secure dynamic updates
5. Click Finish.
6. Create a pointer to the host (A) record 192.168.1.2 (the DNS server's IP address). Create one pointer per host (A) record, pointing at that host's IP address.
b. Check that the DNS server works: after creating the Forward Lookup Zone and Reverse Lookup Zone, test the DNS server as follows:
1. Start --> Run, type cmd.

2. At the command prompt, type nslookup
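The whole of section 15 (suffix, forward zone, reverse zone with its pointer, and the check) as one script, added here as an example and not part of the original article. It assumes the DnsServer and DnsClient modules (Windows Server 2012 or later) and an elevated prompt; vnnetpro.com, 192.168.1.2 and the 192.168.1 network are the article's values, and dns1 is an assumed host name for the DNS server.

```powershell
# Added example (not from the original article): the section 15 build-out
# from PowerShell instead of the MMC wizards. Platform assumption: Windows
# Server 2012 or later with the DnsServer module. dns1 is an assumed host name.
Import-Module DnsServer

$domain   = 'vnnetpro.com'
$network  = '192.168.1.0/24'
$serverIP = '192.168.1.2'
$hostName = 'dns1'

# 1. Primary DNS suffix (the "More..." dialog of Computer Name). The values
#    behind that dialog are Domain and NV Domain under the TCP/IP parameters
#    key; a restart is still required afterwards, as in the article.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
Set-ItemProperty -Path $tcpip -Name 'Domain'    -Value $domain
Set-ItemProperty -Path $tcpip -Name 'NV Domain' -Value $domain

# 2. Forward lookup zone: file-backed primary zone. "Both nonsecure and
#    secure" is the only dynamic-update choice available before dcpromo,
#    because secure-only updates exist just for AD-integrated zones; tighten
#    it to Secure once the zone has been moved into Active Directory.
Add-DnsServerPrimaryZone -Name $domain -ZoneFile "$domain.dns" `
    -DynamicUpdate NonsecureAndSecure

# 3. Reverse lookup zone for 192.168.1.0/24 (becomes 1.168.192.in-addr.arpa).
Add-DnsServerPrimaryZone -NetworkId $network `
    -ZoneFile '1.168.192.in-addr.arpa.dns' -DynamicUpdate NonsecureAndSecure

# 4. Host (A) record for the server and its PTR in one step (wizard step 6).
Add-DnsServerResourceRecordA -ZoneName $domain -Name $hostName `
    -IPv4Address $serverIP -CreatePtr

# 5. The check that replaces the nslookup step: forward and reverse lookups
#    against this server, bypassing the local cache and the hosts file.
Resolve-DnsName -Name "$hostName.$domain" -Server $serverIP -DnsOnly
Resolve-DnsName -Name $serverIP -Type PTR -Server $serverIP -DnsOnly
Test-DnsServer -IPAddress $serverIP -ZoneName $domain
```

The two Resolve-DnsName calls should return the A record 192.168.1.2 and the PTR dns1.vnnetpro.com respectively; Test-DnsServer reports whether the server answers authoritatively for the zone, which is the same thing the article's nslookup session demonstrates.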

OK, the DNS server is now fully configured. At this point you can promote the domain with the dcpromo command.

16. Creating a Secondary Zone
Typically a domain is set up with one Primary Name Server (PNS) and one Secondary Name Server (SNS), where the SNS acts as a backup DNS server holding a copy of the data on the PNS. The SNS cannot update zone information by itself; it waits for the PNS to change and then replicates to stay in sync.

After installing the DNS service just as on the PNS, set up the secondary zones as follows:
Create the forward secondary zone
1. Start --> Run, type dnsmgmt.msc
2. Right-click Forward Lookup Zones --> New Zone
3. Zone type: choose Secondary Zone
4. Zone name: the same as the zone name on the Primary DNS Server, vnnetpro.com
5. Master DNS Server: enter the IP address of the Primary DNS Server holding the primary zone --> Add
6. Click Finish.
Create the reverse secondary zone
1. Right-click Reverse Lookup Zones --> New Zone
2. Zone type: choose Secondary Zone
3. Network ID: enter 192.168.1
4. Master DNS Server: enter 192.168.1.2 --> Next
5. Click Finish.
Check whether the zone information just configured has replicated from the Primary Name Server yet.
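The secondary-zone setup above, plus the replication check and the primary-side permission that section 17 describes, as an added PowerShell example (not code from the original article). It runs on the secondary server and assumes the DnsServer module (Windows Server 2012 or later); 192.168.1.2 and vnnetpro.com are the article's values, 192.168.1.3 is an assumed address for the secondary server.

```powershell
# Added example (not from the original article): secondary zones for
# vnnetpro.com and 192.168.1.0/24, a forced first transfer and a serial check.
# Platform assumption: Windows Server 2012 or later. 192.168.1.3 (this host)
# is an assumed address.
Import-Module DnsServer

$primary = '192.168.1.2'
$me      = '192.168.1.3'
$zone    = 'vnnetpro.com'
$reverse = '1.168.192.in-addr.arpa'

# 1. Secondary zones with the primary name server as master (wizard steps).
Add-DnsServerSecondaryZone -Name $zone -ZoneFile "$zone.dns" -MasterServers $primary
Add-DnsServerSecondaryZone -NetworkId '192.168.1.0/24' `
    -ZoneFile "$reverse.dns" -MasterServers $primary

# 2. Section 17: the primary must list this host before any transfer works.
#    -ComputerName runs the change on the primary remotely; the same line
#    without it can be run on the primary directly.
foreach ($z in $zone, $reverse) {
    Set-DnsServerPrimaryZone -ComputerName $primary -Name $z `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $me
}

# 3. Request a full transfer now instead of waiting for the SOA refresh timer.
Start-DnsServerZoneTransfer -Name $zone    -FullTransfer
Start-DnsServerZoneTransfer -Name $reverse -FullTransfer

# 4. The check the article asks for: both copies carry the same SOA serial.
function Get-SoaSerial([string]$Zone, [string]$Server) {
    $soa = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType SOA
    $soa.RecordData.SerialNumber
}
foreach ($z in $zone, $reverse) {
    $p = Get-SoaSerial $z $primary
    $s = Get-SoaSerial $z $me
    [pscustomobject]@{
        Zone            = $z
        PrimarySerial   = $p
        SecondarySerial = $s
        InSync          = ($p -eq $s)
    }
}
```

If InSync is False, the secondary has not pulled the zone yet: the usual causes are the primary's transfer list not containing this host (step 2) or a firewall blocking TCP port 53, which zone transfers use, between the two servers.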

At this point the Secondary DNS server does not yet hold the Primary's DNS database; on the Primary DNS Server you must allow the Secondary DNS server's IP address to perform zone transfers.

17. Configuring DNS zone transfer on the Primary Name Server
Zone transfer lets the Secondary pull the DNS database from the Primary to update itself. For security reasons, Windows Server does not allow zone transfers by default.
Performed by: Domain Admin, DNS Admin, Local Admin
1. Right-click ddcsecurity.com under Forward Lookup Zones --> Properties, then open the Zone Transfers tab
2. Choose Only the following Servers. Under IP Address enter the Secondary DNS server's IP address --> Add --> OK
3. Repeat the same steps for the Reverse Lookup Zone.
4. Check zone transfer on the Secondary Name Server: the Secondary Name Server is now allowed to transfer the zone from the Primary Name Server, pulling the DNS database and storing a complete copy. Later changes on the Primary Name Server are propagated to the Secondary Name Server.

18. Backing up and restoring the DNS database
The DNS server database holds the zone information. It can live in one of two places: the systemroot folder (when DNS is not integrated with Active Directory) or inside the Active Directory data (when DNS is integrated with Active Directory).
Performed by: Domain Admin, DNS Admin, Local Admin, Backup Operator.
Backing up the DNS database in systemroot
Because the DNS database is not stored with Active Directory, the admin only needs to back up the folder %systemroot%\system32\dns with a backup tool such as Veritas NetBackup, Scheduled Tasks, or a manual copy. After backing up the DNS folder in systemroot, one more step is needed: back up the DNS registry keys.
1. Start --> Run, type regedit, OK
2. Navigate to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
3. Right-click the DNS folder and choose Export

4. Choose a location and a name for this registry file; save it as backup registry dns 1.reg
5. Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server
6. Right-click the DNS Server folder and choose Export.
7. Choose a location and a name for this registry file; save it as backup registry dns 2.reg

Backing up the DNS server in Active Directory
1. Start --> Run, type ntbackup
2. Choose Advanced Mode
3. Open the Backup tab
4. Tick System State under My Computer --> choose where to store the *.bkf file
5. Click Start Backup twice
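The backup and restore steps of section 18 for a file-backed DNS server, scripted; this is an added example and not the article's own procedure. It assumes the DnsServer module (Windows Server 2012 or later), an elevated prompt, and D:\DnsBackup as the backup folder; the two registry keys are the ones the article exports.

```powershell
# Added example (not from the original article): backup and restore of a
# file-backed (non-AD-integrated) DNS server. D:\DnsBackup and the E: backup
# target in the comment are assumptions. Platform assumption: Windows Server
# 2012 or later with the DnsServer module.
Import-Module DnsServer

$backupDir = 'D:\DnsBackup'                      # assumed destination
$dnsDir    = "$env:SystemRoot\System32\dns"
$regKeys   = @{
    'backup registry dns 1.reg' = 'HKLM\SYSTEM\CurrentControlSet\Services\DNS'
    'backup registry dns 2.reg' = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server'
}

function Backup-FileDns {
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    # Export-DnsServerZone writes a text copy of a zone into the dns folder.
    # It works for AD-integrated zones as well, so it gives a second copy of
    # the zone data even when the authoritative store is the directory.
    $stamp = Get-Date -Format 'yyyyMMddHHmmss'
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object { Export-DnsServerZone -Name $_.ZoneName -FileName "$($_.ZoneName).$stamp.export" }
    # The folder the article backs up: zone files plus boot and cache files.
    Copy-Item -Path "$dnsDir\*" -Destination $backupDir -Recurse -Force
    # The two registry keys, via reg.exe (same result as regedit's Export).
    foreach ($file in $regKeys.Keys) {
        reg.exe export $regKeys[$file] (Join-Path $backupDir $file) /y | Out-Null
    }
}

function Restore-FileDns {
    # Same order as the article: stop, copy files back, import registry, start.
    Stop-Service -Name DNS
    Copy-Item -Path "$backupDir\*.dns" -Destination $dnsDir -Force
    foreach ($file in $regKeys.Keys) {
        reg.exe import (Join-Path $backupDir $file) | Out-Null
    }
    Start-Service -Name DNS
    # The "refresh and check" step: every zone should be loaded from its file.
    Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, ZoneFile
}

# AD-integrated zones are part of the directory, so for those back up System
# State instead. On current releases Windows Server Backup replaces ntbackup:
#   wbadmin start systemstatebackup -backupTarget:E:
# and the restore is done from Directory Services Restore Mode, as in the
# article's System State procedure.

Backup-FileDns
```

Restore-FileDns is deliberately not called at the end; run it only on the server being rebuilt, because importing the DNS Server registry key overwrites the zone list and server settings with the backed-up ones.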

Restoring the DNS server database
Performed by: Domain Admin, DNS Admin, Local Admin, Backup Operator.
Restoring a DNS server database stored in the systemroot folder
1. Stop the DNS service
2. Copy the DNS database back into %systemroot%\system32\dns on the DNS server
3. Run the two files backup registry dns 1.reg and backup registry dns 2.reg to restore the DNS registry keys
4. Start the DNS service
5. Refresh the DNS console and check that the zone information has been restored.
Restoring the DNS server database from System State (when DNS is integrated with AD)
1. Boot the server into Directory Services Restore Mode
2. Double-click the *.bkf file containing the System State from the earlier backup
3. Let NTBackup run to restore the DNS server database
Note: this process restores all of Active Directory and overwrites the existing Active Directory data.

19. Some useful DNS-related commands on Windows
Surely everyone is familiar with the ipconfig command on Windows; Microsoft ships the ipconfig utility with Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7 and Windows Server 2008. Sangnt would like to add a little of his own knowledge about this command's options in this series of articles on DNS.

ipconfig /displaydns: shows the resource records cached on your own machine (also called the resolver client). Each resource record carries a Record Name, a Record Type, the time the record stays on the machine (Time To Live), a Data Length, a Section and the Resource Record Data. If the cache already holds a record for a queried name, the computer uses it to resolve the name to an IP address without spending time querying again (how long the record lives depends on its Time To Live). In short, the client first looks in its own cache; if nothing is there it sends a query to its configured DNS server. After receiving the reply from the DNS server, the client caches it for later queries.

Records cached on the client machine
ipconfig /flushdns: clears every record from the machine's own cache. We sometimes need this command to fix the situation where a record has been updated on the DNS server but our client cache still holds the old information.
ipconfig /registerdns: registers a dynamic update with the DNS server (after DHCP has supplied the IP address and the other settings such as subnet mask, default gateway, DNS server IP, ...); the DNS server then automatically creates the records, a host (A) and a pointer (PTR), matching the client's IP address and host name.
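The three ipconfig options above have PowerShell equivalents in the DnsClient module (Get-DnsClientCache, Clear-DnsClientCache, Register-DnsClient). The script below is an added example, not from the original article: it checks the stale-cache situation the /flushdns paragraph describes by comparing the cached answer with a direct query to the authoritative server, and flushes only when they differ. It assumes Windows 8 / Windows Server 2012 or later; vnnetpro.com and 192.168.1.2 are the article's values, dns1 is an assumed host name.

```powershell
# Added example (not from the original article): detect a stale client cache
# entry and flush only when needed. Platform assumption: DnsClient module
# (Windows 8 / Server 2012 or later). dns1.vnnetpro.com is an assumed name.
Import-Module DnsClient

$name   = 'dns1.vnnetpro.com'
$server = '192.168.1.2'   # the authoritative server from the article

function Get-CachedAnswer([string]$Name) {
    # ipconfig /displaydns equivalent, narrowed to one name and A records:
    # Entry, Type, remaining TimeToLive (seconds) and Data (the address).
    Get-DnsClientCache -Entry $Name -Type A -ErrorAction SilentlyContinue |
        Select-Object Entry, Type, TimeToLive, Data
}

function Test-CacheStale([string]$Name, [string]$Server) {
    $cached = @((Get-CachedAnswer $Name).Data)
    # -DnsOnly skips the local cache and the hosts file; -Server asks the
    # authoritative server directly instead of the configured resolver.
    $live = @((Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly).IPAddress)
    $stale = $false
    if ($cached.Count -gt 0) {
        # Compare-Object returns nothing when both lists hold the same addresses.
        $stale = [bool](Compare-Object $cached $live)
    }
    [pscustomobject]@{
        Name   = $Name
        Cached = $cached
        Live   = $live
        Stale  = $stale
    }
}

$check = Test-CacheStale $name $server
$check
if ($check.Stale) {
    Clear-DnsClientCache      # ipconfig /flushdns
    Resolve-DnsName $name     # normal query: the fresh answer is cached now
}

# ipconfig /registerdns equivalent: this host re-registers its A and PTR
# records with the DNS server using dynamic update.
Register-DnsClient
```

Stale is True only when an entry is cached and its address set differs from the server's current answer; an empty Cached list simply means the client has not asked for that name recently, or the record's TTL has already expired, so no flush is needed.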