How can you detect EDNS0 usage in DNS traffic?


Multiple Choice

How can you detect EDNS0 usage in DNS traffic?

Explanation:
Detecting EDNS0 hinges on recognizing the OPT pseudo-record that EDNS0 uses. When EDNS0 is in use, the DNS message includes an OPT resource record in the Additional section (type 41). This OPT record is not a normal answer data item; it is a signal that EDNS0 is being applied, carrying options like the maximum UDP payload size and other EDNS settings. In practice, Wireshark will label this as EDNS0 and show the OPT record details, confirming EDNS0 usage.

The other options don't indicate EDNS0: NXDOMAIN is simply a DNS response code meaning the domain doesn't exist, Transfer-Encoding: chunked is an HTTP concept, and Window Scale is a TCP handshake option.

