STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Infoblox system must be configured to provide the means for authorized individuals to determine the identity of the source of the DNS server-provided information.

DISA Rule

SV-214182r612370_rule

Vulnerability Number

V-214182

Group Title

SRG-APP-000348-DNS-000042

Rule Version

IDNS-7X-000400

Severity

CAT II

CCI(s)

CCI-001902 - The information system provides the means for authorized individuals to determine the identity of the producer of the information.
CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

DNSSEC validation is enabled by navigating to Data Management >> DNS >> Grid DNS properties, toggle Advanced Mode click on "DNSSEC" tab.

Enable both "Enable DNSSEC" and "Enable DNSSEC validation".
When complete, click "Save & Close" to save the changes and exit the "Properties" screen.

Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Validate that DNSSEC validation is enabled by navigating to Data Management >> DNS >> Grid DNS properties, toggle Advanced Mode click on "DNSSEC" tab.

Note: DNSSEC validation is only applicable on a grid member where recursion is active.

When complete, click "Cancel" to exit the "Properties" screen.

If both "Enable DNSSEC" and "Enable DNSSEC validation" are not enabled, this is a finding.

The Infoblox system must be configured to provide the means for authorized individuals to determine the identity of the source of the DNS server-provided information.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments