SV-214178r612370_rule
V-214178
SRG-APP-000246-DNS-000035
IDNS-7X-000340
CAT II
10
Navigate to Data Management >> DNS >> Grid DNS Properties.
Select the "Queries" tab.
For external authoritative name servers, disable "Allow Recursion" by clearing the check box.
For internal name servers, on the "Updates" tab, configure either an ACL or ACE for "Allow updates from".
On the "Queries" tab, configure either an ACL or ACE for "Allow queries from".
When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
Perform a service restart if necessary.
Infoblox systems have a number of options that can be configured to reduce their exposure to exploitation in a DoS attack. Primary consideration for this check should be given to client restrictions such as disabling open recursive servers, using ACLs to limit client communication, and placement in a secure network architecture to prevent address spoofing.
If there is an open recursive DNS service on external name servers, or unrestricted access to internal name servers, this is a finding.
False
M
3995