312-50V10 · Question #372
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able
The correct answer is A. Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.. The ability to reach web servers by IP but not by URL indicates DNS resolution is failing, requiring both TCP and UDP port 53 to be opened on the firewall.
Question
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the response from the server. What should the administrator do next?
Options
- AConfigure the firewall to allow traffic on TCP ports 53 and UDP port 53.
- BConfigure the firewall to allow traffic on TCP ports 80 and UDP port 443.
- CConfigure the firewall to allow traffic on TCP port 53.
- DConfigure the firewall to allow traffic on TCP port 8080.
How the community answered
(37 responses)- A73% (27)
- B8% (3)
- C5% (2)
- D14% (5)
Why each option
The ability to reach web servers by IP but not by URL indicates DNS resolution is failing, requiring both TCP and UDP port 53 to be opened on the firewall.
DNS uses UDP port 53 for standard queries and TCP port 53 for responses that exceed 512 bytes (such as DNSSEC or large records) as well as zone transfers. Opening both protocols on port 53 ensures complete DNS functionality. Since users can browse by IP but not by hostname, the firewall is blocking DNS lookups, and both transport protocols must be permitted for reliable name resolution.
TCP port 80 is HTTP and TCP port 443 is HTTPS - these are web traffic ports, not DNS; opening them would not restore hostname resolution, and UDP 443 is QUIC, not standard HTTPS.
Opening only TCP port 53 is insufficient because DNS queries are predominantly sent over UDP port 53, so standard lookups would still be blocked.
TCP port 8080 is an alternate HTTP proxy port and has no relation to DNS name resolution or the described symptom.
Concept tested: DNS port requirements TCP and UDP 53
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-over-tcp
Topics
Community Discussion
No community discussion yet for this question.