Blocking inbound TCP port 53 connections serves to prevent unauthorized zone transfers.

Explanation:
Zone transfers replicate DNS zone data from a primary DNS server to its secondary servers, and they use TCP port 53. Blocking inbound TCP connections to port 53 prevents remote hosts from requesting those transfers, which stops unauthorized disclosure of your zone data. Regular DNS queries, on the other hand, primarily use UDP port 53, so normal resolution from clients continues as long as UDP is allowed. If you need to allow legitimate transfers, restrict them to the source IPs of your secondary servers and ideally require authentication such as TSIG. This measure does not directly prevent cache poisoning or remote code execution, which are addressed by different controls and defenses.