
DNS and DHCP Configuration for A+

This chapter covers DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol), two foundational network services that every IT professional must understand for the CompTIA A+ 220-1101 exam. These topics appear in roughly 5-10% of Networking domain questions (Objective 2.1). You will learn how DNS resolves names to IP addresses, how DHCP automates IP address assignment, and how to configure and troubleshoot both on client devices. This knowledge is critical for network troubleshooting, device configuration, and understanding how modern networks operate.

Updated May 31, 2026

DNS as a Phone Book, DHCP as a Hotel Registration

Think of DNS as the universal phone book for the internet. When you want to call a business, you look up the name (e.g., 'Acme Plumbing') and the phone book gives you the number (e.g., 555-1234). Without the phone book, you’d need to memorize every number. Similarly, DNS translates human-friendly domain names (like www.example.com) into machine-readable IP addresses (like 192.0.2.1). The DNS resolver is like a caller who asks the operator for the number; the DNS server is the operator who looks it up in the book. If the operator doesn’t have the number, they call another operator (root or TLD server) and eventually get the answer. The entire process is hierarchical and cached so you don't have to look up the same number every time.

Now imagine a hotel. When a guest checks in, they go to the front desk and are assigned a room number for the duration of their stay. The front desk keeps a log of which guest is in which room. When the guest leaves, the room number is returned to the pool and can be assigned to the next guest. DHCP works exactly like this: a device (guest) requests an IP address (room) from the DHCP server (front desk). The server leases an IP for a set time (stay duration). The device must renew the lease periodically or the IP is reclaimed. Just as a hotel wouldn’t give two guests the same room at the same time, DHCP ensures no two devices on the same network have the same IP address. The DHCP server also tells the device other network details, like the default gateway (like telling the guest where the exit is) and DNS servers (like providing the phone book).

How It Actually Works

What is DNS and Why Does It Exist?

DNS (Domain Name System) is a hierarchical distributed naming system that translates human-readable domain names (e.g., www.example.com) into IP addresses (e.g., 93.184.216.34). Without DNS, users would have to memorize IP addresses for every website or service. DNS is defined in RFCs 1034 and 1035, and it operates over UDP (and TCP for zone transfers) on port 53.

How DNS Resolution Works

When a client wants to resolve a domain name, the following steps occur:

1. The client's resolver (e.g., the operating system's DNS client) checks its local cache for the record. If found, it returns the IP immediately.

2. If not cached, the resolver sends a query to the configured DNS server (usually provided by DHCP or manually set).

3. The DNS server checks its own cache. If found, it returns the answer (this is a non-authoritative answer).

4. If not cached, the server performs iterative queries starting from the root servers (13 root server clusters, e.g., a.root-servers.net).

5. The root server responds with the TLD (Top-Level Domain) server (e.g., .com, .org).

6. The DNS server queries the TLD server, which responds with the authoritative name server for the domain (e.g., ns1.example.com).

7. The DNS server queries the authoritative name server, which returns the IP address (the A or AAAA record).

8. The DNS server caches the result for the TTL (Time-to-Live) period and returns it to the client.

DNS Record Types

A: Maps a hostname to an IPv4 address (e.g., www.example.com -> 192.0.2.1)

AAAA: Maps a hostname to an IPv6 address

CNAME: Canonical name; maps an alias to a canonical (true) hostname (e.g., ftp.example.com -> server1.example.com)

MX: Mail exchange; specifies mail servers for the domain

NS: Name server; lists authoritative DNS servers for the domain

PTR: Pointer; reverse DNS lookup (IP to hostname)

TXT: Text records; often used for SPF, DKIM, DMARC email validation

SOA: Start of Authority; contains administrative info like primary NS, admin email, serial number, refresh/retry/expire timers

DHCP: Dynamic Host Configuration Protocol

DHCP automates IP address assignment, subnet mask, default gateway, DNS servers, and other network parameters. It operates on UDP ports 67 (server) and 68 (client). DHCP uses a four-step process: DORA (Discover, Offer, Request, Acknowledge).

DORA Process Details

1. Discover: The client broadcasts a DHCPDISCOVER packet (source IP 0.0.0.0, destination 255.255.255.255) looking for DHCP servers.

2. Offer: DHCP servers respond with a DHCPOFFER packet, offering an IP address and lease time. The offer includes the server's IP and client hardware address.

3. Request: The client broadcasts a DHCPREQUEST packet, formally requesting the offered IP. This broadcast informs all servers which offer was accepted.

4. Acknowledge: The chosen server sends a DHCPACK packet confirming the lease, including the IP, subnet mask, default gateway, DNS servers, and lease duration.

DHCP Lease Timers

Lease Duration: Default is typically 24 hours for wired networks, but can be configured (e.g., 8 hours for Wi-Fi).

T1 (Renewal Timer): At 50% of lease time, the client sends a unicast DHCPREQUEST to the leasing server to renew.

T2 (Rebinding Timer): At 87.5% of lease time, if renewal failed, the client broadcasts a DHCPREQUEST to any server.

Lease Expiration: If no renewal or rebinding, the client must stop using the IP and start the DORA process again.

DHCP Options

DHCP options carry additional configuration parameters. Common options include:

Option 1: Subnet Mask

Option 3: Default Gateway

Option 6: DNS Servers

Option 15: Domain Name (e.g., example.local)

Option 51: IP Address Lease Time

Option 53: DHCP Message Type

Option 54: Server Identifier

Option 55: Parameter Request List

Option 66: TFTP Server Name (used for PXE boot)

Option 150: TFTP Server Address (used for VoIP phones)
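
How the option codes and lease timers above look on the wire, as an added example that is not part of the original chapter: a decoder for the code/length/value options field of a DHCP message, plus the T1/T2 calculation. The sample bytes are constructed, and the server address 192.168.1.2 is an assumption.

```python
import ipaddress
import struct

# Option 53 values (DHCP message type), RFC 2132
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
# Options whose value is one or more packed IPv4 addresses
ADDR_OPTIONS = {1: "subnet_mask", 3: "default_gateway", 6: "dns_servers", 54: "server_id"}

def _ips(code, value):
    """Decode one or more packed IPv4 addresses, rejecting odd lengths."""
    if not value or len(value) % 4:
        raise ValueError(f"option {code}: bad address list length {len(value)}")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]

def parse_options(raw):
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option: one byte, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value runs past end of buffer")
        i += 2 + length
        if code in ADDR_OPTIONS:
            addrs = _ips(code, value)
            out[ADDR_OPTIONS[code]] = addrs if code in (3, 6) else addrs[0]
        elif code == 15:
            out["domain_name"] = value.decode("ascii", "replace")
        elif code == 51 and length == 4:
            out["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code == 53 and length == 1:
            out["message_type"] = MESSAGE_TYPES.get(value[0], f"type {value[0]}")
        else:
            out.setdefault("other", {})[code] = value   # keep unknown options raw
    return out

def lease_timers(lease_seconds):
    """T1 (renew, 50%) and T2 (rebind, 87.5%) as seconds after the lease starts."""
    return {"t1": lease_seconds // 2, "t2": lease_seconds * 7 // 8}

# Constructed options field of a DHCPACK with an 8-hour lease (illustrative values).
DOMAIN = b"contoso.local"
SAMPLE_ACK_OPTIONS = (
    bytes([53, 1, 5, 54, 4, 192, 168, 1, 2, 51, 4]) + struct.pack("!I", 8 * 3600)
    + bytes([1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1])
    + bytes([6, 8, 192, 168, 1, 10, 192, 168, 1, 11])
    + bytes([15, len(DOMAIN)]) + DOMAIN + bytes([255])
)

if __name__ == "__main__":
    print(parse_options(SAMPLE_ACK_OPTIONS))
```

Comparing the decoded gateway and DNS servers against the values the DHCP server is supposed to hand out is the same check `ipconfig /all` lets you do by eye.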

DHCP Reservations and Static IPs

DHCP Reservation: Maps a specific MAC address to a fixed IP in the DHCP server. The device still uses DHCP but always gets the same IP. Useful for servers or printers.

Static IP: Manually configured on the device, bypassing DHCP. Must ensure the IP is outside the DHCP scope to avoid conflicts.

DNS and DHCP Interaction

DHCP often provides the DNS server addresses (Option 6) to clients. Clients then use these DNS servers for name resolution. In enterprise networks, DHCP can also register client hostnames in DNS (dynamic DNS updates). This integration allows clients to be reachable by name.

Common DNS and DHCP Commands

Windows:
- ipconfig /displaydns : Shows DNS resolver cache
- ipconfig /flushdns : Clears DNS cache
- nslookup : Queries DNS servers interactively
- ipconfig /release and ipconfig /renew : Manually release/renew DHCP lease
- ipconfig /all : Shows DHCP lease info, DNS servers, etc.

Linux/macOS:
- systemd-resolve --flush-caches (Linux) or sudo killall -HUP mDNSResponder (macOS) : Flushes the DNS cache
- dig or nslookup : DNS queries
- dhclient -r and dhclient : Release/renew DHCP
- ip addr show : Shows IP config

Troubleshooting DNS and DHCP

DNS issues: Check if the DNS server is reachable (ping), verify the client's DNS settings, flush cache, use nslookup to test resolution. Common causes: wrong DNS server IP, server down, firewall blocking port 53, stale cache.

DHCP issues: Check if the client has an IP (169.254.x.x indicates APIPA, meaning no DHCP response), verify DHCP server is running and scope has available addresses, ensure no IP conflicts. Use ipconfig /all to see lease info.

Security Considerations

DNS: Threats include cache poisoning and DNS spoofing; DNSSEC (DNS Security Extensions) is used to validate responses. Use secure DNS (DNS over HTTPS/TLS) for privacy.

DHCP: Rogue DHCP servers can assign malicious gateways/DNS. Use DHCP snooping on switches to filter unauthorized DHCP server responses.
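
A simplified model of the DHCP snooping rule described above, as an added example (not a switch vendor's implementation): server message types are accepted only on trusted ports, and accepted ACKs build a binding table of client, IP and port. Port names, the MAC address and all IP addresses are constructed.

```python
from typing import NamedTuple

# DHCP message types that only a server should ever send
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

class DhcpFrame(NamedTuple):
    port: str            # switch port the frame arrived on
    msg_type: str        # decoded from option 53
    client_mac: str
    server_id: str = ""  # option 54, present on server messages
    your_ip: str = ""    # address being offered or leased

def snoop(frames, trusted_ports):
    """Apply the trust rule; return (binding table, dropped frames)."""
    client_port, bindings, dropped = {}, {}, []
    for f in frames:
        if f.msg_type in SERVER_MESSAGES:
            if f.port not in trusted_ports:
                dropped.append(f)      # server reply seen on an access port
                continue
            if f.msg_type == "ACK":
                # Record which client, on which port, now holds which IP
                bindings[f.client_mac] = (f.your_ip, client_port.get(f.client_mac))
        else:
            client_port[f.client_mac] = f.port   # DISCOVER/REQUEST from a client
    return bindings, dropped

def unauthorized_servers(dropped):
    """Server identifiers seen in dropped frames, for alerting."""
    return sorted({f.server_id for f in dropped})

# Constructed capture: one client on Gi0/5, the real server behind Gi0/1,
# and an unauthorized server answering from access port Gi0/7.
MAC = "aa:bb:cc:00:00:01"
SAMPLE_FRAMES = [
    DhcpFrame("Gi0/5", "DISCOVER", MAC),
    DhcpFrame("Gi0/7", "OFFER", MAC, "192.168.1.66", "192.168.1.200"),
    DhcpFrame("Gi0/1", "OFFER", MAC, "192.168.1.2", "192.168.1.50"),
    DhcpFrame("Gi0/5", "REQUEST", MAC),
    DhcpFrame("Gi0/7", "ACK", MAC, "192.168.1.66", "192.168.1.200"),
    DhcpFrame("Gi0/1", "ACK", MAC, "192.168.1.2", "192.168.1.50"),
]

if __name__ == "__main__":
    table, dropped = snoop(SAMPLE_FRAMES, trusted_ports={"Gi0/1"})
    print("bindings:", table)
    print("unauthorized servers:", unauthorized_servers(dropped))
```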

Walk-Through

1. Client Sends DHCP Discover

When a device boots up or connects to a network, it has no IP address. It sends a DHCPDISCOVER packet as a broadcast to UDP port 67. The source IP is 0.0.0.0 because it has no IP yet, and the destination is 255.255.255.255 (limited broadcast). The packet includes the client's MAC address and a transaction ID. This broadcast is received by all hosts on the subnet, but only DHCP servers process it. If the client has previously had an IP, it may include the requested IP in the 'requested IP address' option.

2. DHCP Server Sends Offer

Upon receiving the DHCPDISCOVER, any DHCP server on the subnet responds with a DHCPOFFER packet. This is also a broadcast (or unicast if the client set the broadcast flag to 0). The offer includes an available IP address, subnet mask, lease duration, server identifier (the server's IP), and other options like default gateway and DNS servers. The server reserves the offered IP temporarily to avoid double assignment. The client may receive multiple offers from different servers.

3. Client Requests the Offer

The client chooses one offer (usually the first received) and broadcasts a DHCPREQUEST packet. This broadcast informs all servers which offer was accepted. The packet includes the server identifier of the chosen server. Other servers see this and release their reserved IPs back to the pool. The client still has no IP at this point; it uses 0.0.0.0 as source. The destination is 255.255.255.255. The client may also include a 'requested IP address' option matching the offered IP.

4. Server Acknowledges Lease

The chosen DHCP server receives the DHCPREQUEST and responds with a DHCPACK packet. This is the final step. The ACK includes the leased IP address, subnet mask, lease duration, and all requested options. The client now configures its network interface with these parameters. It may also perform a duplicate address detection (ARP probe) to ensure no other device is using that IP. The lease is now active, and the client will attempt to renew it after 50% of the lease time.

5. DNS Resolution Query

When a user types a URL in a browser, the operating system's DNS resolver first checks the local cache. If the record is not cached, it sends a DNS query (usually recursive) to the configured DNS server (obtained via DHCP or static). The query is a UDP packet to port 53 (or TCP if the response is large). The resolver includes the domain name and record type (e.g., A for IPv4). If the DNS server has the answer cached, it returns it; otherwise, it performs iterative queries starting from the root servers.
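
The query and reply from this step at the byte level, as an added example that is not part of the original chapter: it builds an A-record query, then checks a reply against it (transaction ID, response bit, echoed question) before reading the address and TTL, and reports truncation so the caller can retry over TCP. It assumes a single-question query and A records only; the reply bytes are constructed by `sample_response`, a helper invented for this example.

```python
import ipaddress
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200   # header flag bits (RFC 1035)

def build_query(name, txid, qtype=1):
    """Encode a recursive query (RD=1) for one name; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:        # pointer: two bytes, terminates the name
            return off + 2
        if n == 0:                    # root label
            return off + 1
        off += 1 + n

def parse_response(msg, query):
    """Accept a reply only if it matches the query that was sent."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID does not match the query")
    if not flags & QR:
        raise ValueError("QR bit clear: not a response")
    q_end = skip_name(msg, 12) + 4    # name + QTYPE + QCLASS
    if qd != 1 or msg[12:q_end] != query[12:]:
        raise ValueError("question section does not match the query")
    if flags & TC:                    # reply did not fit: repeat over TCP port 53
        return {"truncated": True, "authoritative": bool(flags & AA), "answers": []}
    off, answers = q_end, []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((str(ipaddress.IPv4Address(rdata)), ttl))
    return {"truncated": False, "authoritative": bool(flags & AA), "answers": answers}

def sample_response(query, txid, flags, ip="192.0.2.1", ttl=300):
    """Constructed reply: echoes the question and adds one A record."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.example.com", 0x1A2B)
    print(parse_response(sample_response(q, 0x1A2B, 0x8180), q))
```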

What This Looks Like on the Job

In enterprise environments, DNS and DHCP are critical services that must be robust and redundant. For example, a mid-sized company with 500 employees might run two DHCP servers (one primary, one secondary) to ensure high availability. The DHCP scope would cover the 192.168.1.0/24 subnet with a lease time of 8 hours (to accommodate mobile devices). Reservations are configured for servers (e.g., domain controller at 192.168.1.10) and printers. The DNS servers are typically Active Directory-integrated, with forward lookup zones for the internal domain (e.g., contoso.local) and forwarders for external queries (e.g., 8.8.8.8). Dynamic DNS updates allow clients to register their hostnames, making it easy to ping 'john-laptop' instead of remembering IPs.

Another scenario: a school with a guest Wi-Fi network. The guest VLAN uses a separate DHCP scope with a shorter lease (e.g., 1 hour) to handle many transient devices. The DHCP server assigns a public DNS like 1.1.1.1 and a captive portal gateway. The DNS server may block malicious domains via content filtering. Misconfiguration here could lead to guest devices getting IPs from the wrong scope (e.g., internal VLAN) or DNS not resolving, causing 'no internet' complaints.

A common misconfiguration is setting the DHCP scope to include the router's IP as a reservation, but forgetting to exclude it from the pool, causing IP conflicts. Another is failing to set the correct DNS server option, leading to name resolution failures. In one case, a company's entire internet went down because the DHCP server was handing out a stale DNS server IP that had been decommissioned. Troubleshooting involved checking client DHCP options with ipconfig /all and verifying the DHCP server's configuration.

Performance considerations: DNS servers should cache responses heavily to reduce latency. A typical recursive resolver can handle thousands of queries per second. DHCP servers should have enough IPs in the scope to accommodate peak device counts. For large networks, DHCP relay agents (RFC 1542) forward broadcasts across subnets so one central DHCP server can serve multiple VLANs.

How 220-1101 Actually Tests This

The CompTIA A+ 220-1101 exam (Objective 2.1) expects you to understand the purpose and basic operation of DNS and DHCP, not deep configuration of enterprise servers. Focus on client-side configuration and troubleshooting. The exam will test:

- Objective 2.1: Compare and contrast TCP/IP protocols, including DHCP and DNS. Know their ports: DHCP (67/68), DNS (53). Know that DHCP uses DORA (Discover, Offer, Request, Acknowledge).
- Common wrong answers:
  1. 'DNS uses port 53 TCP only' – It uses UDP primarily; TCP is used for zone transfers or large responses. Many candidates forget UDP.
  2. 'DHCP uses two-way handshake' – It uses four steps (DORA). Some think it's just Request/Acknowledge.
  3. 'APIPA addresses (169.254.x.x) indicate DNS failure' – Actually, APIPA means DHCP failed, not DNS.
  4. 'The default gateway is provided by DNS' – No, it's from DHCP or static config.
- Key numbers: DHCP ports (67, 68), DNS port (53), lease renewal at 50% (T1), rebinding at 87.5% (T2).
- Edge cases: If a client has a static IP but the DHCP server also gives that IP, you get an IP conflict. The exam may ask what happens when a client cannot reach a DHCP server (it gets APIPA: 169.254.x.x with subnet 255.255.0.0).
- Elimination technique: If a question involves 'no internet but local network works', suspect DNS. If 'no network at all', suspect DHCP. If IP starts with 169.254, the issue is DHCP. Use ipconfig /all to see DHCP enabled or not.

Memorize: ipconfig /release, ipconfig /renew, ipconfig /displaydns, ipconfig /flushdns, nslookup.

Key Takeaways

DNS translates domain names to IP addresses; uses UDP port 53 primarily, TCP for zone transfers.

DHCP automates IP assignment via DORA (Discover, Offer, Request, Acknowledge); uses UDP ports 67 (server) and 68 (client).

DHCP lease renewal occurs at 50% (T1) and rebinding at 87.5% (T2) of lease time.

If DHCP fails, Windows clients use APIPA (169.254.x.x/16).

Common DNS troubleshooting commands: ipconfig /displaydns, ipconfig /flushdns, nslookup.

Common DHCP troubleshooting commands: ipconfig /release, ipconfig /renew, ipconfig /all.

DNS records include A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), NS (name server).

DHCP options include subnet mask (1), default gateway (3), DNS servers (6), lease time (51).

A DHCP reservation maps a MAC address to a specific IP within the DHCP scope.

A rogue DHCP server can cause network issues; use DHCP snooping to prevent it.

The root DNS servers are the top of the hierarchy; there are 13 logical root servers.

DNS caching reduces resolution time; TTL determines how long a record is cached.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

DHCP (Dynamic Host Configuration Protocol)

Automatically assigns IP, subnet mask, gateway, DNS, etc.

Uses DORA process (Discover, Offer, Request, Acknowledge)

Leases IPs for a limited time; renewal required

Reduces manual configuration errors

Requires a DHCP server; may fail if server is down

Static IP Configuration

Manually configured on each device

No protocol exchange; just set values in OS

IP is permanent until changed manually

Prone to typos and IP conflicts if not tracked

No dependency on a server; works offline

Watch Out for These

Mistake

DNS always uses TCP port 53.

Correct

DNS primarily uses UDP port 53 for queries. TCP port 53 is used only for zone transfers between DNS servers or when the response exceeds 512 bytes (or with DNSSEC). The exam expects UDP as the default.

Mistake

DHCP only assigns an IP address.

Correct

DHCP can assign subnet mask, default gateway, DNS servers, domain name, and other options (like TFTP server for PXE boot). It's a comprehensive configuration protocol.

Mistake

If you get an IP address, DNS is working.

Correct

Getting an IP from DHCP does not guarantee DNS works. DNS is a separate service. You can have a valid IP but no DNS resolution if the DNS server is unreachable or misconfigured.

Mistake

APIPA addresses (169.254.x.x) are assigned by the DHCP server when no IP is available.

Correct

APIPA is a fallback mechanism of the operating system (Windows) when no DHCP server responds. The device self-assigns an IP in the 169.254.0.0/16 range. It is not from a DHCP server.

Mistake

You can have multiple DHCP servers on the same subnet without issues.

Correct

Multiple DHCP servers can exist if they manage non-overlapping scopes. If scopes overlap, clients may get offers from both, but only one is accepted. However, rogue DHCP servers can cause conflicts and security issues.


Frequently Asked Questions

What port does DNS use?

DNS uses UDP port 53 for most queries. TCP port 53 is used for zone transfers between DNS servers or when the response is larger than 512 bytes. On the CompTIA A+ exam, remember that DNS uses UDP 53 by default.

What is APIPA and when does it occur?

APIPA (Automatic Private IP Addressing) is a Windows feature that assigns an IP address in the 169.254.0.0/16 range (with subnet mask 255.255.0.0) when a DHCP server is unavailable. It allows local communication but not internet access. It is a fallback, not a DHCP feature.

How do I release and renew a DHCP lease in Windows?

Open Command Prompt as Administrator and type `ipconfig /release` to release the current lease, then `ipconfig /renew` to obtain a new lease. This forces the DORA process. Use `ipconfig /all` to verify the new configuration.

What is the difference between a DHCP reservation and a static IP?

A DHCP reservation assigns a specific IP to a device based on its MAC address, but the device still uses DHCP to get that IP. A static IP is manually configured on the device, bypassing DHCP entirely. Reservations are easier to manage centrally; static IPs require manual updates on each device.

Why would a client get an IP address but not be able to browse the internet?

If the client has an IP but cannot browse, the issue is likely DNS. The DNS server might be unreachable or misconfigured. Check with `nslookup` to see if name resolution works. Alternatively, the default gateway might be wrong, but that usually prevents all internet access.

What is the TTL in DNS?

TTL (Time-to-Live) is a value in seconds that tells caching DNS servers how long to keep a record before discarding it. Common values are 300 (5 minutes) to 86400 (24 hours). Lower TTLs are used for dynamic records; higher TTLs reduce load on authoritative servers.

How do I flush the DNS cache in Windows?

Open Command Prompt as Administrator and type `ipconfig /flushdns`. This clears the local DNS resolver cache, forcing the system to query DNS servers again. It's useful when troubleshooting outdated or corrupted cache entries.
