Inrupt’s Post

In yesterday’s post, we delved into the advantages and disadvantages of high and low values of Time to Live (TTL) in cache. Today, we will shift our focus to Domain Name System (DNS) and subsequently explore the relevance of TTL and Cache for DNS in next post. DNS (Domain Name System) is like a phone book for the internet, helping you find the location of a website by mapping a user-friendly domain name to the IP address of a computer. The DNS system consists of three main components: the DNS resolver, the DNS root server, and the authoritative DNS server. 🌐 DNS Resolver: This is a software application that resides on your computer or your network’s DNS server. Its function is to receive your request for a domain name and query the DNS server for the corresponding IP address. Think of it like a messenger who delivers your request to the right address. 📲 DNS Root Server: This is the top-level server of the DNS hierarchy, storing information about the top-level domain (TLD) servers, such as .com, .net, .org, and so on. It acts as a directory that directs your request to the appropriate TLD server. Imagine it like a directory that helps the messenger find the right address. 📚 Authoritative DNS Server: This server stores information about the domain names and their corresponding IP addresses. It’s the final stop for your request, as it provides the actual IP address associated with the domain name you requested. Think of it like the actual address book that contains the contact information for the website you want to visit. 📝 #tpm #sharingexperiences #incidentmanagement Image Source - CircleID

What is DNS and why does it matter? Part 2... In my last post I discussed the importance of DNS, the associated nameservers, and how to determine where your DNS records are managed. Now nameservers (NS) aren't the only DNS records you have, they have friends, and your DNS records tells the internet where to find them. 🤗 Additional DNS records are of type... A (Address) --- pairs an IP Address to a domain name. CNAME (Canonical Name) --- an alias pointing one domain name to another domain name. MX (Mail Exchange) --- directs your domain's email to a mail server. SOA (Start of Authority) --- all domains have one - it's where important information such as the administrator's email address, server refresh interval, etc. is stored. TXT (Text) --- originally used as a place for simple notes - now used for a variety of purposes such as email authentication to help prevent spam (a topic for another day as I've already 'out-geeked' myself). 🤓 SRV (Server) --- defines the server name and port number for specific services. Now you are a DNS records expert! OK maybe not, but hopefully you know more than you did 5min ago... and remember, Define Technologies is here to help! 😁

𝘄𝘄𝘄[ . 𝗱𝗼𝘁]𝗲𝘅𝗮𝗺𝗽𝗹𝗲[ . 𝗱𝗼𝘁]𝗰𝗼𝗺 - Understanding the significance of "dot [.]" here is interesting. Let me break this for you. This interesting stuff comes from a concept of DNS [ Domain Name System ] which you all might have heard of. The interesting part here is of the 𝗛𝗶𝗲𝗿𝗮𝗿𝗰𝗵𝗶𝗰𝗮𝗹 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 of any domain which is determined the position of dot[.] in them. Here, in 𝘄𝘄𝘄[ . 𝗱𝗼𝘁]𝗲𝘅𝗮𝗺𝗽𝗹𝗲[ . 𝗱𝗼𝘁]𝗰𝗼𝗺 we can see 2 dot's and this represents the hierarchical structure of the domain name. 1. com is a top-level domain (TLD). 2. example is a second-level domain (SLD). 3. www is a subdomain of example.com. The dot helps in clearly defining the different levels within the domain name, making it easier for DNS servers to manage and resolve domain names efficiently. 𝗘𝗮𝗰𝗵 𝗹𝗲𝘃𝗲𝗹 𝗶𝗻 𝘁𝗵𝗲 𝗵𝗶𝗲𝗿𝗮𝗿𝗰𝗵𝘆 𝗿𝗲𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝘀 𝗮 𝗱𝗲𝗹𝗲𝗴𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗮𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝘆. The top-level domains (like .com, .org, .net) are managed by specific organisations, while the second-level domains are delegated to registrants who can create subdomains as needed. This is how the dot in domain extensions plays a crucial role in maintaining the organisation, management, and clarity of domain names in the DNS system.

New version of Veeam Backup and Replication 12.1.2 is available to download. Get a lot of improvements, upgrade now https://lnkd.in/eP_XN_qu #JoesBackupTipps #Veeam100

As you know, using the 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐞 𝐀𝐮𝐭𝐨𝐞𝐧𝐫𝐨𝐥𝐥𝐦𝐞𝐧𝐭 feature in Active Directory Domain Services-based environments is one of the game-changing features compared to other operating systems. This functionality actually makes 𝐄𝐀𝐏-𝐓𝐋𝐒-based 802.1X implementations in large environments possible. However, this feature has its own unique challenges... One of the most common challenges is the absence of the current organization's Enterprise Root CA certificate in the "𝐓𝐫𝐮𝐬𝐭𝐞𝐝 𝐑𝐨𝐨𝐭 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐀𝐮𝐭𝐡𝐨𝐫𝐢𝐭𝐢𝐞𝐬" certificate store. Without this certificate, the autoenrollment operation fails, and you encounter endpoints and users who cannot connect to the network due to the lack of a certificate for EAP-TLS operation to succeed. The good news is that when you join a computer to a domain, the certificate related to the current organization's Enterprise Root CA will be automatically installed in the "𝐓𝐫𝐮𝐬𝐭𝐞𝐝 𝐑𝐨𝐨𝐭 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐀𝐮𝐭𝐡𝐨𝐫𝐢𝐭𝐢𝐞𝐬" certificate store. To ensure the succession of this operation, look for the current your organization Root CA cert in "𝐓𝐫𝐮𝐬𝐭𝐞𝐝 𝐑𝐨𝐨𝐭 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐀𝐮𝐭𝐡𝐨𝐫𝐢𝐭𝐢𝐞𝐬" certificate store of "𝐜𝐞𝐫𝐭𝐥𝐦.𝐦𝐬𝐜" console. If you have endpoints that have not installed the current your organization Root CA cert in "𝐓𝐫𝐮𝐬𝐭𝐞𝐝 𝐑𝐨𝐨𝐭 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐀𝐮𝐭𝐡𝐨𝐫𝐢𝐭𝐢𝐞𝐬" certificate store, as the first troubleshooting step, delete the following registry key, reboot the system and check again... 𝐇𝐊𝐄𝐘_𝐋𝐎𝐂𝐀𝐋_𝐌𝐀𝐂𝐇𝐈𝐍𝐄\𝐒𝐎𝐅𝐓𝐖𝐀𝐑𝐄\𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭\𝐂𝐫𝐲𝐩𝐭𝐨𝐠𝐫𝐚𝐩𝐡𝐲\𝐀𝐮𝐭𝐨𝐄𝐧𝐫𝐨𝐥𝐥𝐦𝐞𝐧𝐭\𝐀𝐄𝐃𝐢𝐫𝐞𝐜𝐭𝐨𝐫𝐲𝐂𝐚𝐜𝐡𝐞 #ise_quick_tip

Here's a quick reminder of request method distinctions. GET: Retrieves data from a server. PUT: Replaces the existing resource with the provided data. PATCH: Updates the specific part of the resource specified. DELETE: Removes a resource from the server. POST: Modifies the server state, such as creating a new resource. Sometimes I confuse PUT and PATCH or forget that POST doesn't always have a body. 🎓

HTTPS step-by-step: 1. Client Hello: • The client (browser) sends a “Client Hello” message to the server, which includes: • Supported SSL/TLS versions • List of supported cipher suites • Randomly generated data for key generation 2. Server Hello: • The server responds with a “Server Hello” message, which includes: • Chosen SSL/TLS version • Chosen cipher suite • Randomly generated data for key generation 3. Server Certificate: • The server sends its digital certificate to the client. This certificate includes: • The server’s public key • Information about the server • A signature from a trusted Certificate Authority (CA) 4. Certificate Verification: • The client verifies the server’s certificate against a list of trusted CAs. • If the certificate is valid, the client proceeds to the next step. 5. Server Key Exchange (Optional): • Depending on the chosen cipher suite, the server may send additional key exchange data. 6. Client Key Exchange: • The client generates a pre-master secret and encrypts it with the server’s public key. • The client sends the encrypted pre-master secret to the server. 7. Key Generation: • Both the client and the server use the pre-master secret along with the random data generated during the Hello messages to generate the session keys. • These session keys are symmetric keys used for encrypting and decrypting the data during the session. 8. Finished Messages: • Both the client and the server send a “Finished” message to each other. • These messages are encrypted with the session keys to ensure that the key exchange and the handshake were successful. 9. Secure Data Transmission: • The client and the server use the session keys to encrypt and decrypt the data they exchange. • This ensures confidentiality, integrity, and authenticity of the data.

GET - Retrieves data from a server at the specified resource. HEAD - Works the same as the GET method, but the server replies without the body. POST- Creates a new resource PATCH - Allows partial modifications to a resource PUT - Replaces all current representations of the target resource  DELETE - Removes the defined resource OPTIONS - Returns the HTTP methods supported by the server for the specified URL Rest API Response Codes Here are some sample Response Codes which we will normally see while performing REST API testing over POSTMAN or over any REST API client. #1) 100 Series These are temporary Responses 100 Continue 101 Switching Protocols 102 Processing #2) 200 Series The client accepts the Request, being processed successfully at the server. 200 – OK 201 – Created 202 – Accepted 203 – Non-Authoritative Information 204 – No Content 205 – Reset Content 206 – Partial Content 207 – Multi-Status 208 – Already Reported 226 – IM Used #3) 300 Series Most of the codes related to this series are for URL Redirection. 300 – Multiple Choices 301 – Moved Permanently 302 – Found 303 – Check Other 304 – Not Modified 305 – Use Proxy 306 – Switch Proxy 307 – Temporary Redirect 308 – Permanent Redirect #4) 400 Series These are specific to client-side error. 400 – Bad Request 401 – Unauthorised 402 – Payment Required 403 – Forbidden 404 – Not Found 405 – Method Not Allowed 406 – Not Acceptable 407 – Proxy Authentication Required 408 – Request Timeout 409 – Conflict 410 – Gone 411 – Length Required 412 – Precondition Failed 413 – Payload Too Large 414 – URI Too Long 415 – Unsupported Media Type 416 – Range Not Satisfiable 417 – Expectation Failed 418 – I’m a teapot 421 – Misdirected Request 422 – Unprocessable Entity 423 – Locked 424 – Failed Dependency 426 – Upgrade Required 428 – Precondition Required 429 – Too Many Requests 431 – Request Header Fields Too Large 451 – Unavailable For Legal Reasons #5) 500 Series These are specific to the server-side error. 500 – Internal Server Error 501 – Not Implemented 502 – Bad Gateway 503 – Service Unavailable 504 – Gateway Timeout 505 – HTTP Version Not Supported 506 – Variant Also Negotiates 507 – Insufficient Storage 508 – Loop Detected 510 – Not Extended 511 – Network Authentication Required

Veeam 12.1 is out, and it's time to upgrade the Homelab. I wrote a post on this, how easy it was to upgrade B&R and Veeam One! Check it out. #VeeamVanguard #vExpert #CiscoChampion https://lnkd.in/efGPQn7F

OAuth2.0