STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The BIND 9.x server implementation must limit the number of concurrent session client connections to the number of allowed dynamic update clients.

DISA Rule

SV-207551r612253_rule

Vulnerability Number

V-207551

Group Title

SRG-APP-000001-DNS-000115

Rule Version

BIND-9X-001052

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Add the "transfers-out" sub statement to the "options" statement block.

The value of the "transfers-out" will be based on organizational requirements needed to support DNS operations.

Restart the BIND 9.x process.

Check Contents

Verify the name server is configured to limit the number of concurrent client connections to the number of allowed dynamic update clients:

Inspect the "named.conf" file for the following:

options {
    transfers-out 10;
};

If the "options" statement does not contain a "transfers-out" sub statement, this is a finding.
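The check above, automated as an added example (not part of the STIG text or of BIND). It assumes the whole configuration is in one text with no "include" files followed, the function names are hypothetical, and a commented-out "transfers-out" is treated as absent.

```python
import re

# Quoted strings are matched first so "//", "#" or braces inside them are not misread.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Drop /* */, // and # comments; blank out the contents of quoted strings."""
    return _SKIP.sub(lambda m: '""' if m.group(0)[0] == '"' else ' ', text)

def find_transfers_out(conf_text):
    """Return the transfers-out value set directly in the top-level options block, else None."""
    tokens = re.findall(r'[{};]|[^\s{};]+', strip_comments(conf_text))
    depth, in_options = 0, False
    for i, tok in enumerate(tokens):
        if tok == '{':
            depth += 1
        elif tok == '}':
            depth -= 1
            if depth == 0:
                in_options = False
        elif depth == 0 and tok == 'options' and tokens[i + 1:i + 2] == ['{']:
            in_options = True
        elif in_options and depth == 1 and tok == 'transfers-out':
            if tokens[i + 1:i + 2] and tokens[i + 1].isdigit() and tokens[i + 2:i + 3] == [';']:
                return int(tokens[i + 1])
    return None

def is_finding(conf_text):
    """Per the check above: a finding when options has no transfers-out sub statement."""
    return find_transfers_out(conf_text) is None

# Constructed sample configurations (not taken from any real server).
COMPLIANT = '''
options {
    directory "/var/named";   // trailing comment is ignored
    allow-query { any; };
    transfers-out 10;
};
'''
COMMENTED_OUT = '''
options {
    directory "/var/named";
    # transfers-out 10;
};
zone "example.com" { type master; file "db.example.com"; };
'''

if __name__ == '__main__':
    for name, conf in (('COMPLIANT', COMPLIANT), ('COMMENTED_OUT', COMMENTED_OUT)):
        print(name, 'finding' if is_finding(conf) else 'not a finding', find_transfers_out(conf))
```

On a live server, passing the output of `named-checkconf -p` to `find_transfers_out` covers configuration pulled in through include files.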

Documentable

False

Severity Override Guidance

Verify the name server is configured to limit the number of concurrent client connections to the number of allowed dynamic update clients:

Inspect the "named.conf" file for the following:

options {
    transfers-out 10;
};

If the "options" statement does not contain a "transfers-out" sub statement, this is a finding.

Check Content Reference

M

Target Key

2926
