What should be done if you needed to create a policy to control DNS zone transfers, but allows basic DNS queries to go through?

What should be done if you needed to create a policy to control DNS zone transfers, but allows basic DNS queries to go through?

What should be done if you needed to create a policy to control DNS zone transfers, but allows basic DNS queries to go through?

A.
Nothing, the pre-defined DNS service will work properly as defined

B.
Create a custom service using TCP port 53 as the destination port

C.
The predefined DNS service does not allow this type of configuration

D.
Create a custom service only using UDP port 53 as the destination port

Explanation:

DNS traffic travels through port 53 (UDP and TCP). Therefore, it is necessary to open these ports on thenetscreenfirewall to allow clients and other servers to utilize DNS. UDP port 53 is required for client queries while the TCP port 53 is required for zone transfers. In most cases, it is unnecessary to allow zone transfers outside of the Protected Network so TCP port 53 should be blocked at the Firewall.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


seenagape

seenagape

I have the same idea. B