Which practice best prevents unauthorized DNS zone transfers?


Multiple Choice

Which practice best prevents unauthorized DNS zone transfers?

Explanation:
Zone transfers replicate DNS zone data between servers and rely on TCP port 53 for reliable delivery. Blocking inbound TCP connections on port 53 at the network edge stops these transfers from external sources while leaving standard DNS queries, which use UDP, intact. This makes it the most effective way to prevent unauthorized zone transfers without breaking regular name resolution.

Blocking UDP 53 would disrupt normal DNS queries, disabling DNS functionality. Disabling DNS on all servers is overly drastic and defeats the purpose of the service. Allowing zone transfers only from external IPs would not prevent unauthorized transfers and could expose you to data leakage if not tightly controlled.

