STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The BIND 9.x secondary name server must limit the number of zones requested from a single master name server.

DISA Rule

SV-207549r612253_rule

Vulnerability Number

V-207549

Group Title

SRG-APP-000001-DNS-000001

Rule Version

BIND-9X-001050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Add the "transfers-per-ns" sub statement to the "options" statement block.

The value of the "transfers-per-ns" option can be increased to a value greater than two based on organizational requirements needed to support DNS operations.

Restart the BIND 9.x process.

Check Contents

If this is not a secondary name server, this requirement is Not Applicable.

Verify that the secondary name server is configured to limit the number of zones requested from a single master name server.

Inspect the "named.conf" file for the following:

options {
    transfers-per-ns 2;
};

If the "options" statement does not contain a "transfers-per-ns" sub statement, this is a finding.
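The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter; it assumes the whole configuration is in one "named.conf" text (no "include" files are followed), and the function names and sample configurations are constructed for illustration.

```python
import re

# named.conf tokens: /* */, // and # comments, quoted strings, braces/semicolons, bare words
TOKEN = re.compile(r'''/\*.*?\*/|//[^\n]*|#[^\n]*|"(?:[^"\\]|\\.)*"|[{};]|[^\s{};"]+''', re.S)

def options_transfers_per_ns(conf_text):
    """Return the transfers-per-ns value set directly inside the top-level
    options block, or None when the sub statement is absent there."""
    tokens = [t for t in TOKEN.findall(conf_text)
              if not t.startswith(("/*", "//", "#"))]   # drop comments
    depth, in_options, stmt = 0, False, []
    for tok in tokens:
        if tok == "{":
            if depth == 0:                  # a top-level block opens
                in_options = stmt[:1] == ["options"]
            depth += 1
            stmt = []
        elif tok == "}":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_options = False
            stmt = []
        elif tok == ";":
            if (in_options and depth == 1 and len(stmt) == 2
                    and stmt[0] == "transfers-per-ns" and stmt[1].isdigit()):
                return int(stmt[1])
            stmt = []
        else:
            stmt.append(tok)
    return None

def check(conf_text, is_secondary=True):
    """Apply the rule's check text to one configuration."""
    if not is_secondary:
        return "Not Applicable"
    value = options_transfers_per_ns(conf_text)
    return "Finding" if value is None else f"Not a finding (transfers-per-ns {value})"

# Constructed samples: compliant, then one where the setting is only
# commented out in options and present in a server block instead.
SAMPLE_OK = '''options {
    directory "/var/named";   // constructed sample
    transfers-per-ns 2;
};
zone "example.com" { type slave; masters { 192.0.2.1; }; };'''
SAMPLE_BAD = '''options {
    directory "/var/named";
    # transfers-per-ns 2;
};
server 192.0.2.1 { transfers-per-ns 4; };'''
```

The second sample is reported as a finding because the check text requires the sub statement in the "options" statement itself; a commented-out line or a per-server setting does not satisfy it.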

Documentable

False

Severity Override Guidance

If this is not a secondary name server, this requirement is Not Applicable.

Verify that the secondary name server is configured to limit the number of zones requested from a single master name server.

Inspect the "named.conf" file for the following:

options {
    transfers-per-ns 2;
};

If the "options" statement does not contain a "transfers-per-ns" sub statement, this is a finding.

Check Content Reference

M

Target Key

2926
