DNS, DHCP, and NAT Services
Key Takeaways
- DNS resolves names to IP addresses so users and applications do not need to remember numeric addresses.
- DHCP automatically provides IP settings such as address, mask, default gateway, DNS server, and lease time.
- NAT commonly translates private inside addresses to a public address for Internet access.
- A client can have good Layer 2 connectivity and still fail because DNS, DHCP, or NAT is unavailable or misconfigured.
Services That Make Connectivity Usable
A network can be physically connected and still be unusable if its support services are broken. DNS, DHCP, and NAT are common examples. They are not the same service, and confusing them can slow troubleshooting. DHCP gives a host its addressing information. DNS resolves names to addresses. NAT translates addresses, most often between private inside networks and public outside networks.
DHCP, the Dynamic Host Configuration Protocol, reduces manual endpoint configuration. A DHCP client can request an address and receive a lease that includes an IP address, subnet mask or prefix length, default gateway, DNS server addresses, and other options. In a small office, the router or firewall might provide DHCP. In a larger network, a dedicated server may provide DHCP, and a router or Layer 3 switch may relay DHCP messages from each VLAN to that server. If DHCP fails, a client may self-assign an IPv4 link-local address in the 169.254.0.0/16 range or keep an old address until the lease expires.
DNS, the Domain Name System, maps human-friendly names to IP addresses. When a user enters www.example.com, the client asks a DNS resolver for the address. DNS problems can look like an Internet outage because names stop working, even though direct IP connectivity may still exist. A good technician test is to compare name-based access with address-based access. For example, if pinging or reaching a known IP works but browsing by name fails, DNS configuration or DNS reachability becomes a strong suspect.
NAT, Network Address Translation, changes IP address information as traffic passes through a router or firewall. In many small networks, private IPv4 addresses such as 192.168.1.0/24, 10.0.0.0/8, or 172.16.0.0/12 are used internally. Those private addresses are not routed on the public Internet. A NAT device can translate many internal private addresses to one or more public addresses when users access Internet services. Port Address Translation, often called PAT or NAT overload, tracks many internal conversations by using transport-layer port numbers.
NAT is common for IPv4 Internet access, but it is not a security policy by itself; firewall rules still decide what traffic is permitted.
These services interact during a normal web visit. DHCP may give the client 192.168.10.25, gateway 192.168.10.1, and DNS server 192.168.10.10. DNS resolves the website name to a public IP address. The client sends traffic to its default gateway. The gateway or firewall uses NAT so the packet can travel across the Internet with a public source address. Replies return to the NAT device, which uses its translation table to send the traffic back to the correct inside client.
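The PAT translation table described above can be modeled in a few lines. This is an added example, not Cisco code or configuration; the class name, the public address 203.0.113.5, the second client 192.168.10.26, and the starting port 20000 are constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 blocks, the kind used on the inside network.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class PatGateway:
    """Toy PAT (NAT overload) device: many inside hosts share one public address.
    Simplified: real devices also track the destination and age entries out."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port, proto) -> public_port
        self.back = {}  # (public_port, proto) -> (inside_ip, inside_port)

    def translate_outbound(self, src_ip, src_port, proto="tcp"):
        """Rewrite a private source to the public address and a unique port."""
        if not any(ipaddress.ip_address(src_ip) in n for n in PRIVATE_NETS):
            raise ValueError(f"{src_ip} is not an inside private address")
        key = (src_ip, src_port, proto)
        if key not in self.out:          # first packet of this conversation
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def translate_reply(self, dst_port, proto="tcp"):
        """Map a reply arriving on the public address back to the inside client.
        Returns None when the table has no entry for that port."""
        return self.back.get((dst_port, proto))

if __name__ == "__main__":
    gw = PatGateway("203.0.113.5")
    # Two inside clients happen to pick the same source port.
    for client in ("192.168.10.25", "192.168.10.26"):
        print(client, 51000, "->", gw.translate_outbound(client, 51000))
    # Replies are told apart only by the public port in the table.
    print("reply to port 20001 ->", gw.translate_reply(20001))
    print("reply to port 20002 ->", gw.translate_reply(20002))
```

The table only records which inside conversation owns each public port. Whether a packet is permitted at all is still a firewall rule decision, not something this lookup decides.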
When troubleshooting, isolate the service. If the client has no valid IP address, start with DHCP, VLAN, cabling, wireless, or relay behavior. If the client has a valid address and can ping the gateway but cannot resolve names, check DNS server settings and reachability. If local and DNS tests work but Internet traffic fails for multiple users, NAT, firewall policy, upstream routing, or ISP connectivity may be involved. Clear notes should separate what works from what fails instead of reporting only that the Internet is down.
Study Checkpoint
- Topic: DNS, DHCP, and NAT Services.
- Verify the official Cisco concept before memorizing a shortcut.
- Practice the technician action: observe, document, test, fix when supported, or escalate.
Which service automatically provides a client with an IP address, subnet mask, default gateway, and DNS server settings?
A user can reach a website by IP address but not by name. Which service should be checked first?
What is a common purpose of NAT in a small office network?