312-50V10 · Question #111
Which DNS resource record can indicate how long any "DNS poisoning" could last?
The correct answer is B. SOA. The SOA record contains a Minimum TTL field that governs how long DNS records are cached, which directly determines the maximum duration a DNS cache poisoning attack can persist.
Question
Which DNS resource record can indicate how long any "DNS poisoning" could last?
Options
- AMX
- BSOA
- CNS
- DTIMEOUT
How the community answered
(38 responses)- A5% (2)
- B87% (33)
- C5% (2)
- D3% (1)
Why each option
The SOA record contains a Minimum TTL field that governs how long DNS records are cached, which directly determines the maximum duration a DNS cache poisoning attack can persist.
MX records define mail server routing preferences and priority values and contain no fields related to caching duration or time-to-live.
The SOA (Start of Authority) record includes a Minimum TTL field defined in RFC 2308 that specifies the default time-to-live for negative cached responses and sets the floor for record caching in the zone. Because a poisoned DNS entry remains effective for exactly as long as its TTL allows it to stay in a resolver's cache, the SOA record's TTL parameters directly indicate how long any DNS poisoning attack could last.
NS records identify authoritative name servers for a zone but carry no TTL configuration fields that would govern how long a poisoned cache entry persists.
TIMEOUT is not a defined DNS resource record type in any RFC or DNS standard.
Concept tested: SOA record minimum TTL and DNS poisoning cache duration
Source: https://www.rfc-editor.org/rfc/rfc2308
Topics
Community Discussion
No community discussion yet for this question.