An organization wants to prevent forging of domain lookups by malicious actors. Which measure best validates that domain information is trustworthy and not altered in transit?
Enable cryptographic signatures on domain data so resolvers can confirm the legitimacy of records
Redirect questionable requests to a controlled address
Restrict transfer of zone data to authorized resolvers
Use short lifespan on cached entries to limit outdated information
Enabling cryptographic signatures on domain data ensures requesters verify that the records are legitimate—this approach establishes authenticity through checks such as digital signatures. Restricting zone transfer may limit who can obtain entries but does not guarantee data integrity. Using caching servers with short TTLs helps refresh information but does not authenticate records. Redirecting suspicious queries to another address might protect against threats but does not verify records are correct.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are cryptographic signatures?
Open an interactive chat with Bash
What is DNSSEC, and how does it relate to domain data security?
Open an interactive chat with Bash
Why do short TTLs not guarantee data authenticity?