GCIH Question #833: Real Exam Question with Answer & Explanation
The correct answer is B: Migrate to a split DNS infrastructure. A single DNS server that answers queries from the internet and also holds the organization's internal records hands internal host names and addresses to anyone who asks for them; split DNS serves internal records only to internal clients and publishes only the public records externally.
Incident Response & Cyber Kill Chain
Question
A company is acquiring another organization that has a single DNS server that is accessible to the internet. What is a good recommendation for the acquiring organization?
Options
- A. Block traffic on UDP/53
- B. Migrate to a split DNS infrastructure
- C. Block traffic on TCP/53
- D. Enable zone transfers on the acquired business' DNS server
Explanation
The acquired organization's only DNS server is reachable from the internet, so everything it is authoritative for, including internal host names and private addresses, can be enumerated by outside attackers during reconnaissance, and the acquiring organization inherits that exposure. Split DNS (also called split-horizon or split-brain DNS) separates name resolution into an internal view, reachable only from inside and authoritative for the full zone, and an external view that answers only the public records such as web, mail and name-server entries. Migrating to that model is the recommendation that addresses the actual problem rather than a symptom.
Common mistakes.
- A. Blocking UDP/53 would break standard DNS query resolution entirely, since the vast majority of DNS queries use UDP on port 53.
- C. Blocking TCP/53 would disrupt zone transfers and large DNS responses but would not address the core problem of a single publicly accessible DNS server exposing internal records.
- D. Enabling zone transfers on the acquired server would allow any internet host to download the entire DNS zone, significantly worsening the security posture.
Concept tested. Split DNS infrastructure for reducing exposure
Reference. https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment
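As an added worked example (not part of the exam page or of the referenced deployment guide), the following Python script shows the check an acquiring team would run against the acquired zone: which records would leak if the single server kept answering internet queries, and what the external view of a split DNS deployment should contain. The zone file is constructed for the example; the split rule (RFC 1918/ULA/loopback/link-local addresses, an assumed pair of internal-only labels "corp" and "internal", and CNAME aliases of internal-only names) is an assumption, and the parser handles only single-line records.

```python
"""Split-DNS leak audit (added example; zone content and split rules are assumptions).
Partitions a zone into internal-only records and records safe to publish externally."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Labels assumed to mark internal-only names (example assumption, not from the question).
INTERNAL_LABELS = {"corp", "internal"}

# Explicit ranges instead of ipaddress's is_private, which also reports documentation
# ranges such as 203.0.113.0/24 (used below as the "public" side) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # IPv4 loopback, link-local
    "fc00::/7", "::1/128", "fe80::/10",               # IPv6 ULA, loopback, link-local
)]

# Constructed sample zone: what a single internet-facing server might be serving.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@          IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@          IN NS    ns1.example.com.
@          IN MX    10 mail.example.com.
ns1        IN A     203.0.113.2
www        IN A     203.0.113.10
www        IN A     10.0.0.10          ; same name, internal address
mail       IN A     203.0.113.25
dc01.corp  IN A     10.0.1.5
fileserver IN A     10.0.1.20
intranet   IN CNAME fileserver.example.com.
backup     IN AAAA  fd00:1::20
"""


@dataclass(frozen=True)
class Record:
    name: str   # owner name, lowercase, fully qualified with trailing dot
    rtype: str
    rdata: str

    def line(self) -> str:
        return f"{self.name} IN {self.rtype} {self.rdata}"


def parse_zone(text: str, default_origin: str) -> list[Record]:
    """Parse the supported zone-file subset ($ORIGIN, $TTL, ';' comments,
    one record per line with an explicit owner) into fully qualified records."""
    origin = default_origin if default_origin.endswith(".") else default_origin + "."
    records: list[Record] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        fields = line.split()
        owner = fields.pop(0).lower()
        if fields and fields[0].isdigit():        # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":  # optional class
            fields.pop(0)
        if len(fields) < 2:
            raise ValueError(f"malformed record: {raw!r}")
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append(Record(owner, fields[0].upper(), " ".join(fields[1:])))
    return records


def is_internal_address(rdata: str) -> bool:
    """True if rdata is an address that must never appear in the external view."""
    try:
        addr = ipaddress.ip_address(rdata)
    except ValueError:          # not an address (CNAME target, MX, SOA, ...)
        return False
    return any(addr in net for net in INTERNAL_NETS)


def has_internal_label(fqdn: str) -> bool:
    return any(label in INTERNAL_LABELS for label in fqdn.rstrip(".").split("."))


def classify(records: list[Record]) -> tuple[list[Record], list[Record]]:
    """Split records into (internal_only, external). A name with both a public
    and a private address (the classic split-DNS case) stays public; only its
    private address record is withheld from the external view."""
    by_name: dict[str, list[Record]] = {}
    for r in records:
        by_name.setdefault(r.name, []).append(r)
    internal_names = set()
    for name, recs in by_name.items():
        addrs = [r for r in recs if r.rtype in ("A", "AAAA")]
        if has_internal_label(name) or (addrs and all(is_internal_address(r.rdata) for r in addrs)):
            internal_names.add(name)
    changed = True  # follow CNAME chains to a fixpoint: an alias of an internal name leaks it
    while changed:
        changed = False
        for r in records:
            if r.rtype == "CNAME" and r.rdata.lower() in internal_names and r.name not in internal_names:
                internal_names.add(r.name)
                changed = True
    internal_only, external = [], []
    for r in records:
        private_addr = r.rtype in ("A", "AAAA") and is_internal_address(r.rdata)
        (internal_only if r.name in internal_names or private_addr else external).append(r)
    return internal_only, external


if __name__ == "__main__":
    internal, external = classify(parse_zone(SAMPLE_ZONE, "example.com"))
    print("Internal-only records (currently exposed by the single server):")
    print("\n".join(r.line() for r in internal))
    print("\nExternal view to publish:")
    print("\n".join(r.line() for r in external))
```

Run against the acquired organization's real zone, the first list is what an attacker can already collect by querying the server, and the second is the starting point for the external view. Once the views are separated, the external server should also restrict zone transfers to its own secondaries, which is the opposite of option D.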
Topics
#DNS security · #split DNS · #DNS infrastructure · #zone transfer