Free Trial
Products Products
MSP360 Backup Backup and Recovery
MSP360 Backup Backup and Recovery
Overview
back up DATA FROM
Windows VMware/Hyper-V MacOS Microsoft 365 Linux Google Workspace
BACK UP DATA TO
AWS Google Wasabi Azure B2 Local
MSP360 RMM IT Management MSP360 Connect included
MSP360 RMM IT Management
Overview
MONITOR AND MANAGE
Windows macOS Linux
Prevent cyber threats
Endpoint threat prevention and protection (powered by Deep Instinct)
MSP360 Connect Remote Access
MSP360 Connect Remote Access
Overview
Connect FROM
Windows Android MacOS iOS
Connect TO
Windows MacOS
Pricing
Pricing Pricing
MSPs Internal IT
Solutions Solutions
Business type
Industries
MSP IT Departments Small Busness
Healthcare Education
Business type
MSP IT Departments Small Busness
INDUSTRIES
Healthcare Education
use cases
ENDPOINT PROTECTION
Ransomware Protection Endpoint Threatbr
Prevention and Protection
powered by Deep Instinct
Remote Access
Web-Based Remote Access Remote Support Remote Access Remote Work Remote Collaboration
IT Management
Patch Management Monitoring and Alerting Remote Device Management SNMP Monitoring
Backup and Recovery
Server Backup Backup for Windows Backup to AWS Desktop Backup Backup for MacOS Backup to Wasabi File Backup Backup for Linux Backup to B2 Image-Based Backup Backup for VMware/Hyper-V Backup to Azure SQL Server Backup Backup for Google Workspace (GSuite) Backup to Google Cloud Synology NAS Backup Backup for Microsoft 365 (O365) Back Up Locally Recovery
Not sure if MSP360 is for you?
Request a Call
Resources Resources
MSP University Blog Whitepapers and Assets Videos Webinars Events Customer Stories Forum
Support Support
US-Based Support My Cases Open a Case Knowledge Base Online Help
Partners Partners
technology partners
AWS Wasabi Backblaze Google Cloud Microsoft Azure Deep Instinct
Partners
Resellers Distributors Become a Partner
ALLIANCE PARTNERS
Leet Cyber Security
Company Company
About Legal Information Events Careers Leadership Team Contact Us Trust Center
Other Guides

MSP Business

HIDE BAR SHOW BAR
LESSON 1
Guide to Network Design
LESSON 2
Network Security Best Practices
LESSON 3
Sysadmin's Guide to Network Services
LESSON 4
Guide to Subnets and IP Addressing
LESSON 5
Sysadmin's Guide to Network Mapping
LESSON 6
Local, Cloud and Hybrid Network: Which One Should You Opt to?
LESSON 7
Guide to Network Hardware Selection
ON-DEMAND CONTENT
Downloadable Assets

Sysadmin’s Guide to Network Services

Network administrators utilize services every day to make their lives easier. These network services run on the application layer of the OSI model and above. Services, when configured and administered correctly, can automate administrative processes and do work that may in the past have had to do manually.

Out of all of the different services that administrators work with, DHCP and DNS are ones that are integral to every network. Almost every business class router offers settings for both of these servers. Every PC technician knows how to configure these settings on individual PCs.

DHCP is used to automatically assign IP addresses to devices on your network. DNS is used to convert domain names to associated IP addresses. Every modern business network should have a server for each of these services. Administrators that take advantage of both of these services have an inside track on the configuration of their network.

DHCP

DHCP (or Dynamic Host Configuration Protocol) servers hand out IP addresses to devices that don't have them statically assigned. A network without a DHCP server must have static assignments on all existing hosts. some network administrators that feel that they have more control of their network by. manually configuring each device's network card. However, most modern business networks have a DHCP server.

Now that we understand what a NAS does and what it consists of, let's consider the questions you should ask yourself when picking a NAS.

New call-to-action

Overview

Software or hardware-based servers.

In many cases, DHCP servers are installed on physical machines running server operating systems. In simpler cases, these servers can be managed from a router. Almost every router available today offers a DHCP server. While software DHCP servers may be more configurable and offer more options, a router-based server will meet the needs of most businesses.

Static assignments over manual configurations.

There are some devices on every network that need to keep the same IP address at all times. This can be done in two ways - manual configurations at the device level or static reservations configured in the DHCP server. Using static reservations simplifies the process by keeping all of the IP address information, both static and dynamic, all in one place.

DHCP Best Practices

Following a few DHCP best practices will keep your network running at it's best. You need to make sure you have appropriately sized DHCP scopes. You should also be sure that those scopes aren't overlapping IP addresses that are already being used. As always, be sure to take security measures into an account. Here's an overview of DHCP best practices.

Have an appropriate amount of established IP addresses.

You need to have a good idea of the number of IP addresses that are going to need to have IP addresses assigned. It's important to remember that in today's networks, we're talking about more than just computers. Other devices that may be requesting IP addresses are VoIP phones and mobile devices, just to name a few. On top of all that, your DHCP scope should leave room for future growth as well.

Avoid overlapping static addresses.

While you can use DHCP server settings to assign static reservations to most devices, there will still be some devices on your network that need to keep the same IP address via manual configuration. When creating your DHCP scope, be sure to have an understanding of any IP addresses that are already being used with manual configurations. You can do a network scan or refer to your network map to see what IP addresses are already being used.

DHCP security best practices

You need to make sure that you are not allowing unwelcome devices to infiltrate your network. There are a few things to do to prevent this. Here's a list of DHCP security best practices:

  • Keep your business networks and guest networks separate.
  • If you are using a managed switch, be sure to disable unused ports.
  • Generate alerts from your DHCP server when an unrecognized device sends a DHCP request.

Whitepaper icon

New call-to-action
IT Security Assessment Checklist

Assess vulnerabilities and threats, network security, workspace and equipment security, documentation, and more. The pack includes:

  • a ready-to-print PDF file
  • an Excel file to help create a customizable assessment resource

DNS

DNS (or Domain Name System) is a service used primarily for translating domain names to IP addresses. In reality, this is just part of what DNS does. For our purposes - the role of DNS plays on a local network - we only need to be concerned about this base understanding. Very often, the DNS settings on a local server are ignored. Administrators who want more control of their network are sure to take advantage of these options.

Overview

Taking advantage of DNS on your network can be powerful. It's easy to take the simple router and forward on the DNS servers provided by your internet service provider to your PCs and walk away. With a little bit of work, however, you can configure a local DNS server to make your job as a network administrator easier. This involves setting up local naming on the network for easier device lookups, and using DNS for content filtering or blocking ads.

Global DNS servers or local servers

There are a number of popular, widely regarded global DNS servers available for doing most of your translation for you. Here are the most popular ones out there today:

  • Google. 8.8.8.8, 8.8.4.4, and 4.4.4.4.
  • OpenDNS. 208.67.222.222 and 208.67.220.220.
  • Level 3. 4.2.2.1 through 4.2.2.6.

While administrators should take advantage of having their own local DNS server, requests domain name translation to websites on the internet should be sent to one of these global DNS servers.

Local network naming

When we consider domain name resolution, a lot of times we are thinking about resolving domain names for websites on the internet. One of the best uses of DNS, however, is resolving hostnames on your local network.

Instead of having to memorize the IP addresses of your servers, use hostnames instead. Additionally, you can use your local DNS server to set up multiple names to resolve to a specific IP address.

There are a number of different devices on your network that will make things simpler. These include the following.

  • Printers. Printer selection made clearer with descriptive hostnames, rather than memorized IP addresses.
  • Terminal servers. Connect to your servers by name.
  • PCs. Recognize and identify trouble computers instantly.

Having devices such as printers, servers, and PCs named accurately helps administrators do their job more efficiently.

Can be used for content filtering or ad blocking

Administrators can take advantage of DNS server settings for security purposes as well. With a few different third-party tools, you can use DNS to filter web content and block ads.

Administrators can use services such as OpenDNS to filter web content. In this example, your DNS server is configured to send website resolution requests to the OpenDNS servers (208.67.222.222 and 208.67.220.220). Configurations can be made to block requests (by category or by domain name) from specific source IP addresses.

Administrators that are knowledgeable in configuring Linux servers can install a PiHole server on their network to utilize DNS to block ads on websites. Your PiHole server will check in with a central database to recognize domain names and IP addresses that are used by web advertisers and block requests to them.

DNS Best Practices

Like DHCP, there are a number of best practices to follow for DNS as well. There are a number of different things to consider, and a few will be covered here. To reduce confusion, descriptive hostnames should be used on local networks. Additionally, all unrecognized, Untrusted DNS servers should be forbidden outbound access.

Use descriptive hostnames on local networks

The larger your network grows, the more confusing things get. You need to make sure you use a logical naming scheme for all of the devices on your network. The hostnames that you assign your devices should be easily recognized for troubleshooting and configuration purposes.

An example of a naming scheme could include device location, purpose, and a numerical value. Here are a few examples of this.

  • A PC in the accounting office: ACCTPC01
  • The second server in the communications room: COMMSERV02
  • The printer in the branch office in Springfield: SPRINGPRINT001

Your naming scheme doesn't have to be the same as this. The main point is that it is descriptive enough to save you time when the device needs to be recognized.

Forbid Untrusted DNS servers

Ideally, all of the devices on your network are provided DNS server settings via DHCP. Even so, there still may be devices on your network that use manually configured DNS servers for resolution requests. As a security practice, you should have a list of DNS servers that are allowed to perform resolution requests, and forbid all others.

Some DNS servers aren't updated fast enough and won't be able to translate all requests. Other more malicious DNS servers will intentionally direct traffic to malicious websites for the purposes of infiltrating your network. Allowing requests to these servers outbound access creates a security loophole that you want to keep closed.

Conclusion

Knowledgeable network administrators take full advantage of available network services to manage their network. DHCP can be used to assign IP addresses and DNS servers. DNS servers are used to translate hostnames and domain names on both locally and on the internet.

Your DHCP server should be configured correctly from the start along with proper implementation of DHCP security best practices. You should have a fair understanding amount of IP addresses that you need in your scope, and where your static IP addresses lie and how you want to configure them. For DNS, administrators should enforce policies that forbid untrusted public servers and strict naming schemes.

Administrators who have a handle on their DHCP and DNS servers are taking a huge step in the direction of knowledgeable network management. With both of these tools, you'll have a better idea of what's going on in your network.

FREE EBOOK
Network Admin Handbook

This eBook provides an overview of how to design an efficient and effective network:

  • How to choose routers and switches
  • Overview of DCHP and DNS
  • Guide to subnets and IP addresses, and more
New call-to-action
Whitepaper icon