N10-009 | Chapter 16 of 163 | Objective 2.5

DNS and DHCP Implementation

This chapter covers two foundational network services: DNS and DHCP. DNS translates human-readable domain names to IP addresses, while DHCP automatically assigns IP configurations to devices. For the N10-009 exam, these topics appear in roughly 15-20% of questions, often in troubleshooting, configuration, and protocol interaction scenarios. Understanding their mechanisms, default values, and common misconfigurations is critical for passing the exam and for real-world network administration.

25 min read
Intermediate
Updated May 31, 2026

The Internet's Phonebook and Auto-Addressing System

Imagine a large office building where every employee has a desk phone with an extension number. When you want to call someone, you don't remember their extension; you look up their name in the company directory (DNS). The directory maps names to extension numbers. When you dial an employee by name, the directory system finds the correct extension and connects you. Now, when a new employee joins, the IT department automatically assigns them a desk and an extension number from a pool of available numbers (DHCP). The employee doesn't have to choose their own number; the system gives them one with a lease that expires after a set time. If the employee leaves, the number goes back to the pool. Additionally, the directory (DNS) is updated automatically with the new employee's name and extension, so everyone can reach them. This whole system ensures that names are consistently resolved to numbers and that new devices get valid addresses without manual configuration.

How It Actually Works

What DNS Is and Why It Exists

DNS (Domain Name System) is a hierarchical, distributed database that maps domain names (like www.example.com) to IP addresses (like 93.184.216.34). Without DNS, users would have to memorize numeric IP addresses for every website or service. The system relies on a tree structure: the root domain (.), top-level domains (TLDs) like .com, .org, .net, second-level domains (example.com), and subdomains (www, mail). Each level is managed by authoritative name servers. DNS uses UDP port 53 for queries and TCP port 53 for zone transfers and responses over 512 bytes.

How DNS Resolution Works Internally

When a client wants to resolve a domain, it first checks its local DNS cache. If not found, it sends a recursive query to its configured DNS resolver (often provided by DHCP). The resolver then performs iterative queries: it asks the root servers for the TLD server, then the TLD server for the authoritative server for the domain, and finally the authoritative server for the record. The resolver caches the result and returns it to the client. The entire process uses time-to-live (TTL) values to control caching duration. Common record types include A (IPv4 address), AAAA (IPv6), CNAME (canonical name), MX (mail exchange), NS (name server), and PTR (reverse lookup).
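The query and response formats described above, as an added example that is not code from the original page: the Python below builds the recursive query a stub resolver sends (RD=1, UDP 53), then parses a constructed reply that uses name compression, and reads the TC flag that tells a resolver to repeat the query over TCP 53 when the answer did not fit in 512 bytes. The names, TTLs and address in the sample reply are constructed, not captured traffic.

```python
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """www.example.com -> 3www7example3com0 (length-prefixed labels, root label last)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name, qtype=1, xid=0x1234):
    """Recursive query as a stub resolver sends it: 12-byte header (RD=1) + one question."""
    header = struct.pack("!HHHHHH", xid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN

def read_name(msg, offset):
    """Decode a name, following 0xC0xx compression pointers; returns (name, offset after the name)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                        # pointer: jump, remember where we left off
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)

def parse_response(msg):
    """Header flags (RCODE, TC) plus the answer section as (name, type, ttl, value) tuples."""
    xid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                                    # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1:
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype in (2, 5, 12):                          # NS, CNAME, PTR carry a (possibly compressed) name
            value, _ = read_name(msg, offset)
        else:
            value = msg[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
    return {"xid": xid, "rcode": flags & 0xF, "truncated": bool(flags & 0x0200), "answers": answers}

def build_sample_response():
    """Constructed reply (not captured traffic): www CNAME web, then A for web, using name compression."""
    question = build_query("www.example.com")[12:]          # 21 bytes, name starts at offset 12
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + question   # QR=1 RD=1 RA=1 NOERROR
    cname = b"\x03web" + struct.pack("!H", 0xC000 | 16)      # "web" + pointer to "example.com" at 16
    msg += struct.pack("!HHHIH", 0xC000 | 12, 5, 1, 300, len(cname)) + cname   # rdata lands at offset 45
    msg += struct.pack("!HHHIH", 0xC000 | 45, 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return msg

def needs_tcp_retry(msg):
    """TC=1 means the answer was cut to fit 512 bytes (e.g. DNSSEC): the resolver repeats the query over TCP."""
    return parse_response(msg)["truncated"]
```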

Key DNS Components and Defaults

DNS Resolver: The server that performs recursive lookups. Default cache size varies; Windows uses 1 MB by default. TTL for negative responses (NXDOMAIN) is typically 60-300 seconds (RFC 2308).

Authoritative Name Server: Holds the actual DNS records for a domain. Default SOA (Start of Authority) timers: Refresh (3600s), Retry (600s), Expire (86400s), Minimum TTL (3600s).

Root Hints: A file containing the IP addresses of the 13 root servers (e.g., a.root-servers.net). Used by resolvers to bootstrap the iterative process.

Forwarders: A resolver can forward queries to another resolver instead of performing iterative queries. Common in enterprise networks to centralize DNS traffic.

Stub Resolver: A minimal resolver on the client that only sends queries to a configured resolver (no recursion).

DHCP: Purpose and Mechanism

DHCP (Dynamic Host Configuration Protocol) automates IP address assignment, subnet mask, default gateway, DNS servers, and other parameters. It uses UDP ports 67 (server) and 68 (client). The process follows four steps (DORA): Discover, Offer, Request, Acknowledge. A client sends a DHCPDISCOVER broadcast (destination IP 255.255.255.255, source 0.0.0.0). The server responds with a DHCPOFFER containing an available IP address. The client then sends a DHCPREQUEST to accept the offer. The server finalizes with a DHCPACK. The address is leased for a configurable duration (default on Windows Server is 8 days). The client attempts to renew at 50% of lease time, then rebind at 87.5% if no renewal.

DHCP Components and Options

Scope: A range of IP addresses that DHCP can assign. Defined per subnet.

Exclusion Range: Addresses within a scope that are not leased (e.g., for static devices).

Reservation: A permanent lease for a specific MAC address (e.g., for servers).

Options: DHCP provides additional configuration: Option 3 (Router), Option 6 (DNS Servers), Option 15 (Domain Name), Option 51 (Lease Time), Option 66 (TFTP server), Option 150 (TFTP server for VoIP).

Relay Agent: A device (usually a router) that forwards DHCP broadcasts across subnets. It adds the gateway IP address (giaddr) to the packet so the server knows which subnet to assign an address from.

DNS and DHCP Interaction

Dynamic DNS (DDNS) integrates DHCP with DNS. When a DHCP server assigns an IP to a client, it can automatically update the DNS server with the client's hostname and new IP. This is common in Active Directory environments. The DHCP server sends a DNS update request (RFC 2136). The DNS server then creates or updates the A (and PTR) record. This ensures that hostname resolution stays current without manual intervention. The N10-009 exam may test the scenario where DDNS fails due to permissions or network issues.

Configuration and Verification Commands

Windows (DNS):
- nslookup: Query DNS records (e.g., nslookup www.example.com).
- ipconfig /displaydns: Show the local DNS cache.
- ipconfig /flushdns: Clear the DNS cache.
- dnscmd: Manage a DNS server (e.g., dnscmd /RecordAdd example.com www A 192.168.1.10).

Linux (DNS):
- dig: Advanced DNS query (e.g., dig www.example.com).
- nslookup: Also available.
- host: Simple DNS lookup.
- systemd-resolve --flush-caches: Clear the DNS cache (systemd).

Windows (DHCP):
- ipconfig /all: View DHCP lease details.
- ipconfig /release: Release the DHCP lease.
- ipconfig /renew: Renew the DHCP lease.
- netsh dhcp server show scope: View scope configuration.

Linux (DHCP):
- dhclient: DHCP client (e.g., sudo dhclient eth0).
- cat /var/lib/dhcp/dhclient.leases: View the lease file.
- nmcli: NetworkManager CLI for DHCP.

Troubleshooting DNS and DHCP

Common issues include:
- DNS resolution failure: Check if the resolver IP is correct (often from DHCP). Use nslookup to test against a known working DNS server like 8.8.8.8. Verify the firewall allows UDP 53.
- DHCP no offer: Ensure the DHCP server is running and has available addresses. Check if the client is on the correct VLAN; use a relay agent if needed. Verify that the client's MAC address is not excluded.
- IP conflict: Two devices have the same IP. Use arp -a to see MAC addresses. Check the DHCP scope for overlapping static addresses.
- Lease expiration: Client loses its IP after the lease expires. Check DHCP logs for renewal failures. Ensure network connectivity to the DHCP server.

Security Considerations

DNS Cache Poisoning: Attacker injects false records into a resolver's cache. Mitigated by DNSSEC (DNS Security Extensions), which adds digital signatures.

DHCP Starvation: Attacker sends many DHCP requests to exhaust the address pool. Mitigated by DHCP snooping on switches (validates DHCP messages based on trusted ports).

Rogue DHCP Server: An unauthorized server offers addresses. Mitigated by DHCP snooping and port security.
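To make the DHCP snooping mitigation concrete, here is an added example (not from the original page) that applies its two checks to constructed switch-port events: server messages (OFFER/ACK/NAK) are honoured only from trusted ports, which blocks a rogue server, and DISCOVERs per port are rate-limited, which blunts starvation. The port names, MACs and threshold are assumptions.

```python
from collections import defaultdict

TRUSTED_PORTS = {"Gi1/0/48"}       # assumed uplink toward the legitimate DHCP server
SERVER_MSGS = {"OFFER", "ACK", "NAK"}
DISCOVER_LIMIT = 5                 # DISCOVERs per port per window before the port is flagged

# Constructed switch-port events (port, message, client MAC, seconds); not captured from a real switch.
EVENTS = [
    ("Gi1/0/3", "DISCOVER", "00:11:22:33:44:01", 0.0),
    ("Gi1/0/48", "OFFER", "00:11:22:33:44:01", 0.1),      # real server answering via the trusted uplink
    ("Gi1/0/7", "OFFER", "00:11:22:33:44:01", 0.2),       # OFFER arriving on an access port: rogue server
    ("Gi1/0/3", "REQUEST", "00:11:22:33:44:01", 0.3),
    ("Gi1/0/48", "ACK", "00:11:22:33:44:01", 0.4),
] + [("Gi1/0/9", "DISCOVER", f"de:ad:be:ef:00:{i:02x}", 1.0 + i * 0.01) for i in range(7)]  # starvation burst

def snoop(events, trusted=TRUSTED_PORTS, limit=DISCOVER_LIMIT, window=10.0):
    """Return (forwarded, alerts): server messages only from trusted ports, DISCOVER rate per port capped."""
    forwarded, alerts = [], []
    recent = defaultdict(list)                             # port -> DISCOVER timestamps inside the window
    for port, msg, mac, t in events:
        if msg in SERVER_MSGS and port not in trusted:
            alerts.append(("rogue-server", port, mac))     # dropped: clients never see the bogus OFFER
            continue
        if msg == "DISCOVER":
            recent[port] = [x for x in recent[port] if t - x <= window] + [t]
            if len(recent[port]) > limit:
                alerts.append(("starvation", port, mac))   # rate-limited: the scope stops draining
                continue
        forwarded.append((port, msg, mac))
    return forwarded, alerts
```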

Exam Relevance

For N10-009, focus on:

The DORA process and which message is broadcast vs unicast.

Default lease times and renewal percentages.

DNS record types (A, AAAA, CNAME, MX, PTR).

The role of the DHCP relay agent.

Common troubleshooting commands (ipconfig /all, nslookup, dig).

How DDNS integrates DNS and DHCP.

Security threats and mitigations.

Summary

DNS and DHCP are critical services that enable network communication. DNS resolves names to IPs, while DHCP automates IP configuration. They often work together via DDNS. Understanding their protocols, default values, and troubleshooting methods is essential for network administration and the N10-009 exam.

Walk-Through

1

Client initiates DHCP Discover

When a device (client) first connects to a network, it has no IP address. It sends a DHCPDISCOVER message as a broadcast (destination IP 255.255.255.255, source IP 0.0.0.0) from UDP port 68 to UDP port 67. This message includes the client's MAC address and may request specific options like a particular IP or lease time. The broadcast is confined to the local subnet unless a DHCP relay agent forwards it. The client then waits for a DHCPOFFER from a server.

2

Server responds with DHCP Offer

A DHCP server listening on UDP port 67 receives the DISCOVER. It selects an available IP address from its scope (based on the subnet of the receiving interface or relay agent's giaddr). The server sends a DHCPOFFER back to the client, typically as a unicast (if the client's IP is known) or broadcast (if not). The offer includes the offered IP address, subnet mask, lease duration, and other options like gateway and DNS. The server reserves the IP temporarily (typically 2 minutes) until the client responds or the timer expires.

3

Client sends DHCP Request

The client may receive multiple OFFERs from different servers. It selects one (usually the first received) and sends a DHCPREQUEST broadcast (source IP 0.0.0.0, destination 255.255.255.255). This broadcast informs all servers which offer was accepted. The request includes the server identifier (IP of the chosen server) and the requested IP. The client now transitions to the REQUESTING state and waits for an acknowledgment.

4

Server finalizes with DHCP Acknowledge

The selected DHCP server receives the REQUEST. It confirms the lease by sending a DHCPACK packet to the client (unicast or broadcast). The ACK includes the final IP address, lease duration, and all requested options. The client then configures its network interface with the provided settings and starts using the IP. The lease timer begins; the client will attempt renewal at 50% of the lease time (renewal interval) and rebind at 87.5% if renewal fails.

5

Client renews or releases lease

At 50% of the lease time (T1), the client sends a unicast DHCPREQUEST directly to the leasing server to renew the lease. The server responds with a DHCPACK, resetting the lease timer. If no response, at 87.5% (T2), the client broadcasts a DHCPREQUEST to any server. If still no response, the lease expires and the client stops using the IP. The client can also send a DHCPRELEASE to voluntarily give up the lease (e.g., on shutdown).
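The five steps above, as an added example that is not part of the original page or of any vendor's DHCP implementation: a minimal DHCP message encoder/decoder and a toy server in Python run the DORA exchange offline, pick the scope from giaddr as a relay agent would cause it to, take the address back when the broadcast REQUEST names another server, return no OFFER when a scope is exhausted (the case where a client ends up on APIPA), and compute T1/T2 for the lease. The server address, scopes, MACs and transaction ID are constructed.

```python
import ipaddress, struct
MAGIC = b"\x63\x82\x53\x63"                 # magic cookie that follows the 236-byte BOOTP header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 message-type values
HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
ip4 = lambda s: ipaddress.ip_address(s).packed

def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Header + cookie + TLV options + END; flags=0x8000 (broadcast bit) because the client has no IP yet."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    fixed = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, b"\x00" * 4, ip4(yiaddr), b"\x00" * 4,
                        ip4(giaddr), chaddr, b"\x00" * 64, b"\x00" * 128)
    opts = bytes([53, 1, msg_type]) + b"".join(bytes([c, len(v)]) + v for c, v in options)
    return fixed + MAGIC + opts + b"\xff"

def parse_dhcp(frame):
    f = struct.unpack(HDR, frame[:236])
    opts, i = {}, 240                        # options begin right after the cookie
    while frame[i] != 0xFF:
        opts[frame[i]] = frame[i + 2:i + 2 + frame[i + 1]]
        i += 2 + frame[i + 1]
    return {"xid": f[4], "yiaddr": str(ipaddress.ip_address(f[8])), "giaddr": str(ipaddress.ip_address(f[10])),
            "mac": f[11][:6].hex(":"), "type": opts[53][0], "options": opts}

class DhcpServer:   # one scope per subnet, chosen from the relay's giaddr, else from the server's own subnet
    def __init__(self, server_ip, scopes):
        self.ip, self.scopes, self.offered = server_ip, scopes, {}

    def _reply(self, m, msg_type, ip, scope):
        opts = [(1, ipaddress.ip_network(scope["subnet"]).netmask.packed), (3, ip4(scope["router"])),
                (6, ip4(scope["dns"])), (51, struct.pack("!I", scope["lease"])), (54, ip4(self.ip))]
        return build_dhcp(2, m["xid"], m["mac"], msg_type, yiaddr=ip, giaddr=m["giaddr"], options=opts)

    def handle(self, frame):
        m = parse_dhcp(frame)
        if m["type"] == DISCOVER:
            probe = ipaddress.ip_address(self.ip if m["giaddr"] == "0.0.0.0" else m["giaddr"])
            scope = next(s for s in self.scopes if probe in ipaddress.ip_network(s["subnet"]))
            if not scope["pool"]:                # exhausted scope: no OFFER, so the client ends up on APIPA
                return None
            self.offered[m["xid"]] = (scope["pool"].pop(0), scope)
            return self._reply(m, OFFER, *self.offered[m["xid"]])
        if m["type"] == REQUEST:
            ip, scope = self.offered.pop(m["xid"])
            if m["options"].get(54) != ip4(self.ip):   # option 54 names another server: take the address back
                scope["pool"].insert(0, ip)
                return None
            return self._reply(m, ACK, ip, scope)

def renewal_times(lease):
    return lease // 2, lease * 7 // 8       # T1 (renew, unicast to the leasing server), T2 (rebind, broadcast)

def run_dora(server, mac, giaddr="0.0.0.0", xid=0x3903F326):
    """Full exchange offline; a non-zero giaddr simulates a relay agent having stamped the DISCOVER."""
    offer = server.handle(build_dhcp(1, xid, mac, DISCOVER, giaddr=giaddr))
    if offer is None:
        return None
    o = parse_dhcp(offer)
    request = build_dhcp(1, xid, mac, REQUEST, giaddr=giaddr,
                         options=[(50, ip4(o["yiaddr"])), (54, o["options"][54])])   # 50 = requested IP
    a = parse_dhcp(server.handle(request))
    lease = struct.unpack("!I", a["options"][51])[0]
    return {"ip": a["yiaddr"], "router": str(ipaddress.ip_address(a["options"][3])),
            "lease": lease, "t1_t2": renewal_times(lease)}

def make_server():
    """Constructed scopes (not a real deployment): workstation VLAN, 8-day lease; guest VLAN, 1-hour lease."""
    return DhcpServer("10.1.0.10", [
        {"subnet": "10.1.0.0/24", "router": "10.1.0.1", "dns": "10.1.0.53", "lease": 8 * 86400, "pool": ["10.1.0.100"]},
        {"subnet": "10.2.0.0/24", "router": "10.2.0.1", "dns": "10.1.0.53", "lease": 3600, "pool": ["10.2.0.50"]}])
```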

What This Looks Like on the Job

Enterprise DHCP Deployment

In a typical enterprise with 5,000 employees, DHCP is deployed on redundant servers (e.g., Windows Server DHCP failover or ISC DHCP with load balancing). Scopes are defined per VLAN, with each VLAN having its own subnet. DHCP relay agents (IP helpers) are configured on Layer 3 switches to forward broadcasts from each VLAN to the DHCP servers. Lease times are often set to 8 days for workstations but 1-2 hours for guest Wi-Fi to reduce stale leases. Reservations are used for printers and servers to ensure stable IPs. A common issue is running out of addresses in a scope due to too many temporary devices (e.g., BYOD). Monitoring DHCP logs for high utilization (over 80%) triggers scope expansion.

DNS in a Multi-Site Environment

A global company with offices in New York, London, and Tokyo uses Active Directory integrated DNS. Each site has a domain controller that also acts as a DNS server, configured with forwarders to the corporate DNS servers at headquarters. Internal domains (e.g., corp.example.com) are hosted on these servers, while external queries are forwarded to public DNS (e.g., 8.8.8.8). TTLs are set low (300 seconds) for internal records to support fast failover. A common problem is DNS resolution failure when a site link goes down; clients fail to query the local DNS server and time out. Stub zones or conditional forwarders are used to resolve between sites. DNSSEC is enabled for internal zones to prevent cache poisoning.

DDNS Integration with DHCP

In a Windows environment, DHCP servers are configured to dynamically update DNS records for clients. When a client receives a lease, the DHCP server sends a DNS update request to the DNS server, creating or updating the A record (and PTR record). This ensures that hostnames are always current. A common misconfiguration is when the DHCP server lacks permissions to update DNS (e.g., secure dynamic updates require the DHCP server to be in the DnsUpdateProxy group). Another issue is that if a client has a static IP but the DHCP server still updates DNS, duplicate records can occur. Troubleshooting involves checking DNS event logs and using ipconfig /registerdns to force a manual update.

How N10-009 Actually Tests This

N10-009 Exam Focus on DNS and DHCP

The CompTIA Network+ N10-009 exam covers DNS and DHCP under Objective 2.5: 'Given a scenario, configure and deploy common network services.' Expect questions on:
- DHCP DORA process: Know the order and which messages are broadcast vs unicast. DHCPDISCOVER and DHCPREQUEST are broadcast; DHCPOFFER can be unicast or broadcast; DHCPACK is typically broadcast.
- Default lease times: Windows Server default is 8 days; renewal at 50% (4 days), rebind at 87.5% (7 days). The exam may ask: 'At what percentage of lease time does a DHCP client attempt to renew?' Answer: 50%.
- DNS record types: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), PTR (reverse), NS (name server). The exam may ask: 'Which DNS record type maps a hostname to an IPv6 address?' Answer: AAAA.
- DHCP relay agent: The exam tests that a relay agent (IP helper) forwards DHCP broadcasts across subnets by inserting its own IP into the giaddr field.
- DDNS: Understand that DHCP can update DNS automatically; secure dynamic updates require authentication.
- Common wrong answers: Candidates often confuse DHCPOFFER with DHCPACK, or think DHCPREQUEST is unicast (it's broadcast). Another trap: thinking DNS uses TCP only (it uses UDP for queries, TCP for zone transfers and large responses).
- Edge cases: If a DHCP client receives no ACK, it may use an Automatic Private IP Addressing (APIPA) address (169.254.x.x). The exam may test that APIPA is used when DHCP fails. Also, DNS root hints are used by resolvers, not by authoritative servers.
- Eliminating wrong answers: On a question about 'Which DHCP message is broadcast?' eliminate any answer that says unicast. For DNS, if the question mentions 'zone transfer', know it uses TCP port 53.

Specific Numbers to Memorize

DNS default port: UDP 53 (queries), TCP 53 (zone transfers).

DHCP ports: UDP 67 (server), 68 (client).

DHCP lease renewal: 50% (T1), rebind 87.5% (T2).

APIPA range: 169.254.0.0/16.

Root servers: 13 logical root servers (e.g., a.root-servers.net).

SOA timers: Refresh (3600s), Retry (600s), Expire (86400s), Minimum TTL (3600s).

Exam Tips

Always read the question carefully: Is it asking about DHCP or DNS? What is the specific message or record type?

Use process of elimination: If a question mentions 'broadcast' and the option is unicast, discard it.

Remember that DHCPREQUEST is broadcast to accept an offer, but a renewal request is unicast.

For DNS, understand the difference between recursive and iterative queries. Recursive: resolver does all work. Iterative: resolver follows referrals.

Practice with nslookup and ipconfig commands to understand output.

Common Exam Scenarios

A user cannot access the internet but can ping by IP. Likely DNS resolution failure. Check DNS server configuration.

A laptop gets an IP in the 169.254.x.x range. DHCP server is unreachable or out of addresses.

A new server is added but cannot be reached by hostname. DNS record missing; check DDNS or manual A record.

After changing DHCP scope, clients still get old IPs. Lease renewal has not occurred; force renew with ipconfig /renew.

Key Takeaways

DNS uses UDP port 53 for queries and TCP port 53 for zone transfers.

DHCP uses UDP ports 67 (server) and 68 (client).

DHCP DORA process: Discover (broadcast), Offer (unicast/broadcast), Request (broadcast), Acknowledge (unicast/broadcast).

Default DHCP lease time on Windows Server is 8 days; renewal at 50% (4 days), rebind at 87.5% (7 days).

APIPA address range is 169.254.0.0/16, used when DHCP fails.

DNS record types: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), PTR (reverse), NS (name server).

DHCP relay agent (IP helper) forwards DHCP broadcasts across subnets by adding the gateway IP (giaddr).

Dynamic DNS (DDNS) allows DHCP to automatically update DNS records.

Root servers are 13 logical servers that provide referrals to TLD servers.

Common troubleshooting commands: ipconfig /all, ipconfig /release, ipconfig /renew, nslookup, dig.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

Recursive DNS Query

Client sends query to resolver; resolver does all work.

Resolver must return the final answer or an error.

Used by client stub resolvers.

Resolver may cache the result for future queries.

Typical in home and enterprise networks.

Iterative DNS Query

Server responds with the best answer it has (e.g., referral to another server).

Client must follow referrals to other servers.

Used between DNS servers (e.g., root to TLD).

No caching of final result at the responding server.

Used in the DNS hierarchy to distribute load.

Watch Out for These

Mistake

DHCPOFFER is always unicast to the client.

Correct

DHCPOFFER can be unicast or broadcast. If the server knows the client's IP (e.g., from a previous lease), it may unicast; otherwise, it broadcasts because the client has no IP yet. The exam often tests that OFFER may be broadcast.

Mistake

DNS uses only UDP port 53.

Correct

DNS uses UDP 53 for standard queries, but TCP 53 is used for zone transfers and when the response exceeds 512 bytes (e.g., with DNSSEC). The exam may ask which protocol is used for zone transfers.

Mistake

DHCP lease time is always 8 days.

Correct

8 days is the default on Windows Server, but it is configurable. The exam might give a scenario with a different lease time and ask for renewal timing based on that value.

Mistake

A DHCP client always gets the same IP address.

Correct

By default, DHCP assigns IPs dynamically from a pool. To guarantee the same IP, a reservation must be configured based on MAC address. Otherwise, the client may get a different IP after lease expiration.

Mistake

DNS root servers contain records for all domains.

Correct

Root servers only store information about TLD name servers (e.g., .com, .org). They do not have records for individual domains like example.com. They direct queries to the appropriate TLD server.

Frequently Asked Questions

What is the difference between a DHCP scope and a DHCP reservation?

A DHCP scope is a range of IP addresses that the DHCP server can assign to clients. It defines the pool of addresses for a particular subnet. A DHCP reservation, on the other hand, is a permanent lease assigned to a specific MAC address. Reservations ensure that a device (e.g., a printer or server) always receives the same IP address. Reservations are configured within a scope. The exam may test that reservations are used for devices that need a consistent IP, while scopes provide dynamic allocation.

What happens when a DHCP lease expires?

When a DHCP lease expires, the client stops using the IP address and reverts to an unconfigured state. It will attempt to obtain a new IP by sending a DHCPDISCOVER broadcast. If no DHCP server responds, the client may assign itself an APIPA address (169.254.x.x) after a timeout. The lease expiration is preceded by renewal attempts at 50% and 87.5% of the lease time. On the exam, you may be asked what happens if a client fails to renew at T1 and T2.

Why would a DNS query fail even though the client has internet connectivity?

A DNS query can fail if the DNS server is unreachable (e.g., firewall blocking UDP 53), the resolver is misconfigured (wrong DNS server IP), or the DNS server cannot resolve the domain (e.g., no record or server offline). The client may have internet connectivity via IP but cannot resolve names. Troubleshooting steps include using nslookup to test against a known DNS server (e.g., 8.8.8.8) and checking the client's DNS settings with ipconfig /all.

What is a DHCP relay agent and when is it needed?

A DHCP relay agent (also called IP helper) is a device, typically a router or Layer 3 switch, that forwards DHCP broadcast messages between subnets. It is needed when DHCP clients and servers are on different subnets because DHCP broadcasts are typically not routed. The relay agent intercepts DHCPDISCOVER broadcasts, adds its own IP address (giaddr) to identify the client's subnet, and forwards the message as a unicast to the DHCP server. The server then knows which scope to assign an IP from. The exam tests that relay agents enable DHCP across subnets.

How does Dynamic DNS (DDNS) work with DHCP?

DDNS integrates DHCP and DNS so that when a DHCP server assigns an IP to a client, it automatically updates the DNS server with the client's hostname and new IP. The DHCP server sends a DNS update request (RFC 2136) to the authoritative DNS server. The DNS server then creates or updates the A record (and optionally PTR record) for the client. This ensures that hostname resolution stays current without manual intervention. In Windows environments, secure dynamic updates require the DHCP server to have permissions to update DNS.

What is the purpose of the TTL in DNS records?

TTL (Time to Live) in DNS records specifies how long a resolver should cache the record before querying the authoritative server again. It is set in seconds. A low TTL (e.g., 300 seconds) means records are refreshed frequently, useful for services that change IPs often. A high TTL (e.g., 86400 seconds) reduces DNS query load but delays propagation of changes. The exam may test that TTL affects how quickly DNS changes take effect and that negative caching (NXDOMAIN) also has a TTL.

What is the difference between an A record and a CNAME record?

An A record maps a hostname directly to an IPv4 address (e.g., www.example.com -> 192.0.2.1). A CNAME record maps an alias hostname to another canonical hostname (e.g., blog.example.com -> www.example.com). The CNAME does not point to an IP; it points to another name, which must have an A or AAAA record. CNAMEs are often used for services like www and ftp pointing to the same server. A common exam trap is that a CNAME cannot coexist with other record types for the same name.
