DNS poisoning (also known as DNS cache poisoning) occurs when a malicious actor injects false DNS data into a DNS resolver's cache. The poisoned entry will persist for the duration of its TTL (Time To Live), which is defined in the DNS SOA (Start of Authority) record.
The SOA record contains several fields including:
Serial number
Refresh
Retry
Expire
Minimum TTL
The Minimum TTL value in the SOA record determines how long a DNS resolver should cache the DNS data — including any potentially poisoned data.
From CEH v13 Official Courseware:
Module 3: Scanning Networks
Topic: DNS Enumeration & Poisoning
CEH v13 Study Guide states:
“The SOA record includes a minimum TTL value that dictates how long DNS information should be cached by other DNS servers. If DNS cache poisoning occurs, the false information will persist until the TTL expires.”
Incorrect Options:
A: MX (Mail Exchange) defines mail servers, not TTLs.
C: NS (Name Server) specifies authoritative servers, not caching durations.
D: TIMEOUT is not a valid DNS resource record.
[Reference:CEH v13 Study Guide – Module 3: DNS Records → SOA Record Structure and TTLRFC 1035 – Domain Names: Implementation and Specification (Section 3.3.13), ======, , ]
Submit