SV-215598r561297_rule
V-215598
SRG-APP-000142-DNS-000014
WDNS-CM-000029
CAT II
10
Re-install DNS.
By default, the Windows 2012 DNS Server listens on TCP port 53 and opens UDP port 53. Also by default, Windows 2012 DNS Server sends from random, high-numbered source ports 49152 and above.
To confirm the listening ports, log onto Windows 2012 DNS Server as an Administrator.
Open a command window with the “Run-as Administrator” option.
In the command window, type the following command:
netstat -a -b |more <enter>
The result is a list of all services running on the server, with the respective “LISTENING TCP” and “OPEN UDP” ports being used.
Find the Windows 2012 DNS Server service and verify the State is "LISTENING" on TCP port 53 and that UDP 53 is listed (indicating it is OPEN).
If the server shows UDP 53 in the results list and shows TCP port 53 as “LISTENING”, this is not a finding.
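The check above can be applied to saved `netstat -a -b` output. The following is an added example, not part of the STIG text: the sample output is constructed, the function names are hypothetical, and it assumes the DNS Server service appears as `dns.exe`. Without `-n`, netstat may print port 53 as the service name `domain`, so both forms are accepted.

```python
import re

# Constructed sample of `netstat -a -b` output (not captured from a real server).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:domain         DNS01:0                LISTENING
 [dns.exe]
  TCP    0.0.0.0:3389           DNS01:0                LISTENING
  TermService
 [svchost.exe]
  UDP    0.0.0.0:53             *:*
 [dns.exe]
  UDP    0.0.0.0:50112          *:*
 [dns.exe]
"""

DNS_PORTS = {"53", "domain"}  # numeric port, or the name shown when -n is not used


def parse_netstat(text):
    """Return (proto, port, state, owner) tuples, one per socket line."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] in ("TCP", "UDP"):
            port = fields[1].rsplit(":", 1)[-1]           # also handles [::]:53
            state = fields[3] if len(fields) > 3 else ""  # UDP rows have no State
            rows.append([fields[0], port, state, None])
        elif rows and rows[-1][3] is None:
            # -b prints the owning executable in brackets on a following line;
            # a service name line (e.g. TermService) may come first and is skipped.
            m = re.match(r"\s*\[(.+)\]\s*$", line)
            if m:
                rows[-1][3] = m.group(1).lower()
    return [tuple(r) for r in rows]


def check_dns_ports(text, owner="dns.exe"):
    """Apply the rule: TCP 53 LISTENING and UDP 53 listed, both owned by DNS."""
    rows = parse_netstat(text)
    tcp = any(p == "TCP" and port in DNS_PORTS and st == "LISTENING" and o == owner
              for p, port, st, o in rows)
    udp = any(p == "UDP" and port in DNS_PORTS and o == owner
              for p, port, st, o in rows)
    return {"tcp53_listening": tcp, "udp53_open": udp, "finding": not (tcp and udp)}


if __name__ == "__main__":
    print(check_dns_ports(SAMPLE))
```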
V-215598
False
WDNS-CM-000029
M
4016