Question:
After you configure the ip dns spoofing command globally on a device, under which two conditions is DNS spoofing enabled on the device? (Choose two.)
- The DNS server queue limit id disabled
- The ip host command is disabled
- All configured IP name server addresses are removed
- The ip dns spoofing command is disabled on the local interface
- The no ip domain lookup command is configured
Explanation: DNS spoofing is designed to allow a router to act as a proxy DNS server and “spoof” replies to any DNS queries using either the configured IP address in the ip dns spoofing ip-address command or the IP address of the incoming interface for the query. This feature is useful for devices where the interface toward the Internet service provider (ISP) is not up. Once the interface to the ISP is up, the router forwards DNS queries to the real DNS servers. This feature turns on DNS spoofing and is functional if any of the following conditions are true: The no ip domain lookup command is configured. IP name server addresses are not configured. There are no valid interfaces or routes for sending to the configured name server addresses.
Exam with this question: CCNA v3.0 (200-125) Study Guide – Exam Dumps
Please login or Register to submit your answer