An organization wants to prevent forging of domain lookups by malicious actors. Which measure best validates that domain information is trustworthy and not altered in transit?
Restrict transfer of zone data to authorized resolvers
Enable cryptographic signatures on domain data so resolvers can confirm the legitimacy of records
Use short lifespan on cached entries to limit outdated information
Redirect questionable requests to a controlled address
Enabling cryptographic signatures on domain data ensures requesters verify that the records are legitimate—this approach establishes authenticity through checks such as digital signatures. Restricting zone transfer may limit who can obtain entries but does not guarantee data integrity. Using caching servers with short TTLs helps refresh information but does not authenticate records. Redirecting suspicious queries to another address might protect against threats but does not verify records are correct.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are cryptographic signatures, and how do they ensure the authenticity of domain data?
Open an interactive chat with Bash
What is DNSSEC, and how does it use cryptographic signatures to secure domain lookups?
Open an interactive chat with Bash
Why is restricting zone transfers alone insufficient to validate the legitimacy of DNS data?