Exam PT0-002 topic 1 question 211 discussion

Actual exam question from CompTIA's PT0-002
Question #: 211
Topic #: 1

A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

  • A. The injection was too slow.
  • B. The DNS information was incorrect.
  • C. The DNS cache was not refreshed.
  • D. The client did not receive a trusted response.
Suggested Answer: D

Comments

RRabbit_111
Highly Voted 1 year, 9 months ago
Selected Answer: D
D. The client did not receive a trusted response. DNS poisoning, also known as DNS spoofing, is a type of attack in which an attacker alters the mapping of a domain name to an IP address, redirecting traffic from the intended domain to a malicious domain. If no traffic was seen from the target machine after the attempted DNS poisoning attack, it is most likely that the client did not receive a trusted response. This means that the client's DNS resolver did not trust the response from the attacker and did not update its cache with the malicious mapping provided by the attacker. This happens when the client's DNS resolver has implemented security measures such as DNSSEC (Domain Name System Security Extensions) which is a set of security extensions to DNS that provide authentication of DNS data and integrity of DNS data. In contrast, if the injection was too slow, the DNS information was incorrect, or the DNS cache was not refreshed, it would not prevent the client from receiving a trusted response and may not have prevented the attack from being successful.
upvoted 11 times
...
pepgua
Most Recent 5 months ago
In a successful DNS poisoning attack, the attacker aims to redirect the target machine's traffic by providing false DNS information. The lack of traffic from the target machine suggests the redirection failed. Therefore, the most likely reason for the attack's failure is: D. The client did not receive a trusted response. D. The client did not receive a trusted response: This is the MOST likely culprit. DNS servers often implement security measures to validate responses. If the attacker's response lacked proper authentication or was flagged as suspicious, the client machine wouldn't trust it and wouldn't attempt to connect to the provided addresses, resulting in no traffic.
upvoted 1 times
...
Yokota
9 months, 1 week ago
Selected Answer: D
If the DNS cache already contained a valid entry for the requested domain, the target machine would not send out a new DNS request until that cache entry expired.
upvoted 2 times
...
LiveLaughToasterBath
9 months, 2 weeks ago
Selected Answer: C
From Cloudflare: A DNS resolver will save responses to IP address queries for a certain amount of time. In this way, the resolver can respond to future queries much more quickly, without needing to communicate with the many servers involved in the typical DNS resolution process. DNS resolvers save responses in their cache for as long as the designated time to live (TTL) associated with that IP address allows them to. Instead of using TCP, which requires both communicating parties to perform a 'handshake' to initiate communication, DNS requests and responses use UDP, or the User Datagram Protocol. With UDP, there is no guarantee that a connection is open or that the recipient is ready to receive. UDP is vulnerable to forging for this reason – an attacker can send a message via UDP and pretend it is a response from a legitimate server by forging the header data. If a DNS resolver receives a forged response, it accepts and caches the data uncritically because there is no way to verify if the information is accurate and comes from a legitimate source.
upvoted 1 times
LiveLaughToasterBath
9 months, 2 weeks ago
Also, per Cloudflare: Much like TLS/SSL, DNSSEC uses public key cryptography (a way of digitally signing information) to verify and authenticate data. DNSSEC extensions were published in 2005, but DNSSEC is not yet mainstream, leaving DNS still vulnerable to attacks.
upvoted 1 times
...
...
solutionz
1 year, 3 months ago
Selected Answer: C
DNS poisoning relies on corrupting the DNS cache with incorrect information to redirect traffic to a malicious destination. If the target machine's DNS cache is not refreshed to include the poisoned information, the attack will fail because the target will continue using the legitimate DNS information. Therefore, the option that most likely caused the attack to fail is: C. The DNS cache was not refreshed.
upvoted 4 times
...
RAMI_PAL
1 year, 5 months ago
Selected Answer: A
A. The injection was too slow. The malicious response needs to arrive before the legitimate DNS server. If the timing isn’t right, the legitimate response will be accepted.
upvoted 1 times
...
[Removed]
1 year, 6 months ago
Selected Answer: D
D. The client did not receive a trusted response is the most likely reason for the attack to fail. A DNS poisoning attack aims to introduce false information into a DNS resolver's cache. When the client requests a domain name resolution, the resolver looks up the information in its cache first. If the attacker has successfully poisoned the cache with false information, the client may be directed to a fake website, or its traffic could be redirected to a server controlled by the attacker. However, modern operating systems and browsers have implemented measures such as DNSSEC and DNS over HTTPS (DoH) to protect against DNS poisoning attacks. These technologies provide cryptographic validation of DNS responses and secure communication between the client and resolver, respectively. If the client did not receive a trusted response from the resolver, it could be due to these security measures in place.
upvoted 1 times
...
cy_analyst
1 year, 7 months ago
Selected Answer: C
DNS poisoning, also known as DNS spoofing, is a technique used to manipulate DNS resolver cache information so that the target machine is redirected to a malicious website or server. However, if the DNS cache on the target machine has not been refreshed, it will still contain the correct DNS information, which means that the attack would fail.
upvoted 2 times
cy_analyst
1 year, 7 months ago
In summary, the lack of traffic from the target machine suggests that the attack was not successful in redirecting the target machine to the attacker's malicious website or server. The most likely reason for this is that the target machine's DNS cache was not vulnerable or the attack was not successful in injecting the malicious DNS information.
upvoted 1 times
...
cy_analyst
1 year, 7 months ago
It's D because if the client did not receive a trusted response, it would not use the attacker's DNS server and the attack would fail.
upvoted 1 times
...
[Removed]
1 year, 7 months ago
D is the answer
upvoted 2 times
...
...
nickwen007
1 year, 8 months ago
D. The client did not receive a trusted response is the most likely cause of the attack failing. In a DNS poisoning attack, the attacker attempts to redirect traffic from a legitimate website to a malicious site by altering the entries in the Domain Name System (DNS). If the client does not receive a trusted response from the DNS server, the attack will fail.
upvoted 3 times
...
[Removed]
1 year, 8 months ago
I think D is correct
upvoted 2 times
...
[Removed]
1 year, 8 months ago
C or D, I am confused. Share your correct answer.
upvoted 1 times
...
kloug
1 year, 8 months ago
ddddddddddddd
upvoted 3 times
...
2Fish
1 year, 8 months ago
Selected Answer: D
My best guess would be D. ChatGPT seems to agree, but that could also be wrong.
upvoted 3 times
...
[Removed]
1 year, 8 months ago
I think C is correct
upvoted 2 times
...
masso435
1 year, 11 months ago
Selected Answer: A
Answer is A
upvoted 3 times
...
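The comments above turn on whether the client treats a DNS reply as trusted. As an added example (not part of the original discussion), this sketch shows the matching a stub resolver applies to a UDP reply before accepting it: server address and port, transaction ID, and the echoed question. The `PENDING` record, function names, addresses and IDs are constructed for illustration, and DNSSEC signature validation is not implemented here.

```python
import struct

# Constructed outstanding query (documentation addresses, arbitrary port and ID).
PENDING = {"server": ("192.0.2.53", 53), "local_port": 40123,
           "txid": 0x1A2B, "qname": "www.example.com"}

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_message(txid, name, is_response, answer_ip=None):
    """Build a minimal DNS message with one A/IN question (constructed sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x8180 if is_response else 0x0100,
                         1, 1 if answer_ip else 0, 0, 0)
    msg = header + encode_name(name) + struct.pack("!HH", 1, 1)
    if answer_ip:  # name pointer to offset 12, type A, class IN, TTL 60, 4-byte address
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, answer_ip.split(".")))
    return msg

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass); raise ValueError if malformed."""
    try:
        txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
        if qdcount != 1:
            raise ValueError("expected exactly one question")
        labels, pos = [], 12
        while msg[pos]:  # a zero length byte ends the name
            if msg[pos] > 63:
                raise ValueError("unexpected compression in question")
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii").lower())
            pos += 1 + msg[pos]
        qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated message") from exc
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def check_response(pending, src, dst_port, msg):
    """Decide whether a datagram answers the outstanding query described by `pending`."""
    if src != pending["server"] or dst_port != pending["local_port"]:
        return "rejected: address or port mismatch"
    try:
        txid, is_response, qname, qtype, qclass = parse_question(msg)
    except ValueError as exc:
        return f"rejected: {exc}"
    if not is_response or txid != pending["txid"]:
        return "rejected: not a response or transaction ID mismatch"
    if (qname, qtype, qclass) != (pending["qname"], 1, 1):
        return "rejected: question mismatch"
    return "accepted"
```

A reply that fails any of these checks is dropped before it reaches the cache, so the client never connects to the address it carried.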