STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

A secure Out Of Band (OOB) network must be utilized for management of Infoblox Grid Members.

DISA Rule

SV-214226r612370_rule

Vulnerability Number

V-214226

Group Title

SRG-APP-000516-DNS-000500

Rule Version

IDNS-7X-001010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to Grid >> Grid Manager >> Members tab.

Edit each member and configure the MGMT port on the Network tab and enable VPN over MGMT on the Advanced portion of the Network tab.
Grid Masters and Grid Master candidates utilize the LAN1 port for communication and should not allow any direct client access.

Check Contents

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Navigate to Grid >> Grid Manager >> Members tab.

Review the Grid Master network configuration and verify placement on an OOB network.

Review the services enabled on the Grid Master and verify that no client services are enabled. The only acceptable exception is the DNS service, and only when the Grid uses DNSSEC-signed zones: the Grid Master must have DNS enabled to sign DNSSEC zones.

If DNSSEC is enabled, verify that the Grid Master is marked as "Stealth" for any zone.

If an Infoblox Grid Member does not utilize the MGMT port for configuration through an OOB connection, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3995

Comments