JNCIP-SEC: Juniper Networks Certified Professional – Security (2024) — Question 65

Which two statements are correct about DNS doctoring? (Choose two.)

Answer options

• A. The DNS ALG must be disabled.
• B. Proxy ARP is required if your NAT pool for the server is on the same subnet as the uplink interface.
• C. Proxy ARP is required if your NAT pool for the server is on a different subnet as the uplink interface.
• D. The DNS ALG must be enabled.

Correct answer: B, D

Explanation

The correct answers are B and D because Proxy ARP is indeed required when the NAT pool shares the same subnet as the uplink interface, and the DNS ALG must be enabled for DNS doctoring to function properly. Option A is incorrect as it suggests the DNS ALG should be disabled, which contradicts the requirements for DNS doctoring, and option C is incorrect since it misrepresents the conditions under which Proxy ARP is needed.