Which Layer 4 protocol is used by DNS for zone transfers and should be protected on internal networks?
- TCP port 53 ✓
- TCP port 123
- UDP port 53
- UDP port 161
Correct answer: TCP port 53
Option A is correct because DNS zone transfers use TCP port 53 to reliably transfer large zone data between authoritative DNS servers, and this port must be restricted to only authorized secondary DNS servers to prevent unauthorized zone enumeration. Option B is incorrect because TCP port 123 is not associated with DNS; port 123 is used by NTP for time synchronization. Option C is incorrect because UDP port 53 is used for standard DNS query and response traffic, not zone transfers, since UDP is connectionless and unsuited for the reliable bulk transfer of zone data. Option D is incorrect because UDP port 161 is used by SNMP for network device management queries, not DNS operations.
Topic: dns, zone transfer, tcp port 53, network security