STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

All authoritative name servers for a zone must be located on different network segments.

DISA Rule

SV-214205r612370_rule

Vulnerability Number

V-214205

Group Title

SRG-APP-000516-DNS-000087

Rule Version

IDNS-7X-000750

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Navigate to Data Management >> DNS >> Zones.

Review zone settings by selecting each zone and reviewing the "Name Servers" tab to ensure all name servers are located on different network segments.

Check Contents

Review the DNS configuration to determine all of the NS records for each zone. Based upon the NS records for each zone, determine location of each of the name servers.
Verify all authoritative name servers are located on different network segments.

If all authoritative name servers are not located on different network segments, this is a finding.

Vulnerability Number

V-214205

Documentable

False

Rule Version

IDNS-7X-000750

Severity Override Guidance

Review the DNS configuration to determine all of the NS records for each zone. Based upon the NS records for each zone, determine location of each of the name servers.
Verify all authoritative name servers are located on different network segments.

If all authoritative name servers are not located on different network segments, this is a finding.

Check Content Reference

M

Target Key

3995

Comments