Which practice best prevents unauthorized DNS zone transfers?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Which practice best prevents unauthorized DNS zone transfers?

Explanation:

Zone transfers (AXFR and IXFR) replicate zone data from a primary name server to its secondaries. They run over TCP port 53 because a transfer can span many records and needs reliable, ordered delivery. Blocking inbound TCP connections to port 53 at the network edge therefore stops outside hosts from requesting a transfer, while ordinary queries, which travel over UDP port 53, keep working. Of the options listed, that makes it the most effective way to prevent unauthorized zone transfers without breaking regular name resolution.

One caveat a practitioner should keep in mind: TCP 53 also carries legitimate query traffic. A resolver retries over TCP when a UDP answer comes back truncated (TC bit set), which is common with DNSSEC and large EDNS responses, and RFC 7766 requires DNS servers to support TCP. An edge rule that drops all TCP 53 can therefore break those lookups for external clients of a public authoritative server. The control that actually prevents unauthorized transfers lives on the name server itself, for example BIND's allow-transfer directive limited to the secondaries' addresses or to a TSIG key, with the firewall rule acting as a second layer.

Blocking UDP 53 would stop normal DNS queries and effectively disable name resolution. Disabling DNS on all servers is overly drastic and defeats the purpose of running the service. Allowing zone transfers only from external IPs does the opposite of what is needed: it hands the zone contents (hostnames, internal addresses, mail and name servers) to outside parties and is exactly the misconfiguration attackers look for during enumeration.
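To make the TCP-versus-UDP point concrete, here is an added example (not code from the page or from Passetra) that builds an AXFR request exactly as it appears on a TCP/53 connection, parses the length-prefixed reply a permissive server would return, and includes a small classifier a detection engineer could run over captured TCP/53 payloads to flag transfer requests. The zone name example.com., the transaction ID and the sample response records are constructed for illustration; the wire format follows RFC 1035.

```python
"""Build, parse and classify DNS zone-transfer (AXFR/IXFR) messages as seen on TCP port 53."""
from __future__ import annotations
import struct

QTYPE_A, QTYPE_SOA, QTYPE_IXFR, QTYPE_AXFR = 1, 6, 251, 252
QCLASS_IN = 1
FLAG_QR = 0x8000  # set in responses, clear in requests


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a name at offset, following compression pointers; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:           # 2-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Return a query as sent over TCP: 2-byte length prefix followed by the DNS message."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    msg = header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return struct.pack("!H", len(msg)) + msg


def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """An AXFR request is an ordinary query whose QTYPE is 252."""
    return build_query(zone, QTYPE_AXFR, txid)


def build_sample_axfr_response(zone: str, txid: int = 0x1234) -> bytes:
    """Constructed sample of what a server that permits transfers answers: SOA, records, SOA."""
    header = struct.pack("!HHHHHH", txid, FLAG_QR | 0x0400, 1, 3, 0, 0)  # QR=1, AA=1
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    ptr = b"\xc0\x0c"  # compression pointer to the zone name at offset 12 (the question)
    soa_rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
                 + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, 300))
    soa = ptr + struct.pack("!HHIH", QTYPE_SOA, QCLASS_IN, 3600, len(soa_rdata)) + soa_rdata
    a_rr = encode_name("www." + zone) + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 10])
    msg = header + question + soa + a_rr + soa
    return struct.pack("!H", len(msg)) + msg


def parse_message(msg: bytes) -> dict:
    """Parse header, question section and answer RRs (owner name and type) of a DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen  # skip RDATA; only the owner/type matter here
        answers.append((name, rtype))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def is_zone_transfer_request(tcp_payload: bytes) -> bool:
    """Detection helper: does a TCP/53 payload carry an AXFR or IXFR question (QR=0)?"""
    try:
        mlen = struct.unpack("!H", tcp_payload[:2])[0]
        msg = tcp_payload[2:2 + mlen]
        parsed = parse_message(msg)
    except (struct.error, IndexError, UnicodeDecodeError):
        return False  # truncated or malformed; not a well-formed transfer request
    if parsed["flags"] & FLAG_QR:
        return False  # a response, not a request
    return any(qt in (QTYPE_AXFR, QTYPE_IXFR) for _, qt in parsed["questions"])


if __name__ == "__main__":
    req = build_axfr_query("example.com.")
    resp = build_sample_axfr_response("example.com.")
    print("AXFR request flagged:", is_zone_transfer_request(req))
    print("Records returned:", parse_message(resp[2:])["answers"])
```

Against a live server the equivalent manual check is `dig @ns1.example.com example.com AXFR`; a server with transfers restricted answers REFUSED (dig prints "Transfer failed."), while a permissive one streams the whole zone, SOA first and SOA last, exactly as the constructed response above does. The classifier keys on QTYPE 252/251 in a request, which is what an IDS rule for unauthorized transfer attempts should match, rather than on the bare presence of TCP 53, which the caveat above shows is also used by legitimate truncated-response retries.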
