GIAC Certified Incident Handler (GCIH) — Question 175
Following the recent acquisition of a new business, your manager asks you to investigate their DNS service and report back on its status. He is concerned as they only have one DNS server in the organization and it is visible on the Internet. What actions and recommendations should be taken as a first step?
Answer options
- A. Review the logs of the acquired business' firewall for port 53 traffic. Add a firewall rule to block port 53 traffic.
- B. Ensure zone transfer requests from the acquired business' DNS server are disabled. Propose a plan to migrate the DNS service to your split-DNS infrastructure.
- C. Use the nslookup command to direct the acquired business' DNS server to transfer its records to your primary DNS server. Block all other traffic at the firewall.
- D. Remove the acquired business' DNS server from the network. Import its database entries into your secure infrastructure.
Correct answer: A
Explanation
Option A is correct because reviewing firewall logs for port 53 traffic is crucial for identifying potential security risks associated with the publicly accessible DNS server. Blocking port 53 traffic can help prevent unauthorized access and attacks. The other options, while they address different aspects of DNS security, do not prioritize immediate risk mitigation related to the visibility of the DNS server on the Internet.