Effective CISSP Questions

Which of the following DNS operations is most likely to use the well-known port 53 to establish a connection?
A. Iterative queries for MX records
B. Recursive queries for A records
C. DNSSEC resource records
D. Zone transfer

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Zone transfer.

DNS servers typically listen on port 53 over both TCP and UDP.

  • DNS queries are normally served over UDP port 53.
  • DNS zone transfers are served over TCP port 53, e.g., a zone transfer requested with the nslookup utility or the transfer between a primary DNS server and its secondary DNS servers.

The size of a DNS message carried over UDP is traditionally limited to 512 bytes. DNSSEC adds cryptographic signatures to the existing DNS resource records, and a signed response typically exceeds that payload limit. Under this constraint, DNSSEC queries would have to be served over TCP. However, EDNS (Extension Mechanisms for DNS) lets the client advertise a larger UDP payload size, so UDP can still serve DNSSEC. Since UDP is connectionless, the only option that requires a connection to be established on port 53 is the zone transfer over TCP.
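The transport behaviour discussed above (the 512-byte UDP limit, EDNS0 advertising a larger payload size, TCP for zone transfers and for responses that would be truncated) in working code, as an added example that is not part of the original post. It builds and parses DNS query messages in wire format and then makes the server-side transport decision; the 1400-byte signed-response size is a constructed illustrative value, and the record type and flag constants come from RFC 1035, RFC 5936 and RFC 6891.

```python
import struct

# Record type values from RFC 1035 (A, MX), RFC 5936 (AXFR) and RFC 6891 (OPT)
QTYPE = {"A": 1, "MX": 15, "AXFR": 252, "OPT": 41}
DEFAULT_UDP_PAYLOAD = 512   # RFC 1035 limit for a DNS message over UDP
TC_FLAG = 0x0200            # TrunCation bit in the 16-bit header flags word


def encode_name(name):
    """Encode a domain name as DNS labels (length byte + label), ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode an uncompressed name starting at offset; return (name, next offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(name, qtype, txid=0x1234, edns_payload=None):
    """Build a DNS query in wire format. When edns_payload is given, append an
    EDNS0 OPT pseudo-RR whose CLASS field advertises that UDP payload size."""
    flags = 0x0100  # standard query with RD (recursion desired) set
    arcount = 1 if edns_payload else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    msg = header + question
    if edns_payload:
        # OPT RR: root name, TYPE=41, CLASS=payload size, TTL=ext. RCODE/flags, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", QTYPE["OPT"], edns_payload, 0, 0)
    return msg


def parse_query(msg):
    """Parse the header, question and any OPT RR; report the usable UDP payload size."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    udp_payload = DEFAULT_UDP_PAYLOAD
    for _ in range(arcount):
        _, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == QTYPE["OPT"]:
            # RFC 6891: advertised sizes below 512 are treated as 512
            udp_payload = max(rclass, DEFAULT_UDP_PAYLOAD)
    return {"txid": txid, "name": name, "qtype": qtype, "udp_payload": udp_payload}


def choose_transport(query, response_size):
    """Server-side transport decision for a parsed query and the size of the
    response it would produce (the size is a constructed input in this example)."""
    if query["qtype"] == QTYPE["AXFR"]:
        return "tcp"                      # zone transfers run over TCP (RFC 5936)
    if response_size > query["udp_payload"]:
        return "udp-truncated-then-tcp"   # server sets TC; client retries over TCP
    return "udp"


def mark_truncated(response):
    """Set the TC bit in a response header so the client knows to retry over TCP."""
    txid, flags = struct.unpack("!HH", response[:4])
    return response[:2] + struct.pack("!H", flags | TC_FLAG) + response[4:]


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    signed_response_size = 1400   # constructed: a DNSSEC response carrying RRSIG records
    for label, q in [("A, no EDNS", build_query("example.com", QTYPE["A"])),
                     ("A, EDNS 4096", build_query("example.com", QTYPE["A"], edns_payload=4096)),
                     ("AXFR", build_query("example.com", QTYPE["AXFR"]))]:
        print(f"{label:14s} -> {choose_transport(parse_query(q), signed_response_size)}")
```

Running the block shows the three cases side by side: a plain A query whose 1400-byte signed answer does not fit in 512 bytes gets a truncated UDP reply and a TCP retry, the same query with an EDNS0 payload size of 4096 is answered over UDP, and the AXFR goes straight to TCP, which is why the zone transfer is the option that establishes a connection on port 53.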


