What two features are present on DNS servers using BIND 9.5.0 and higher that help mitigate DNS cache poisoning attacks? (Choose two.)
- randomization of ports
- provision of cryptographically secure DNS transaction identifiers
- exclusion of any trust relationships between DNS servers
- secure DNS data authentication
- prevention of any recursive DNS queries
| Explanation & Hint:
DNS servers using BIND 9.5.0 and higher provide features that help prevent DNS cache poisoning attacks. These features include the randomization of ports and provision of cryptographically secure DNS transaction identifiers. Domain Name System Security Extensions (DNSSEC), a technology developed by the Internet Engineering Task Force (IETF), provides secure DNS data authentication and protects against DNS cache poisoning. |