STIGQter STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

All authoritative name servers for a zone must be geographically disbursed.

DISA Rule

SV-233859r621666_rule

Vulnerability Number

V-233859

Group Title

SRG-APP-000218-DNS-000027

Rule Version

IDNS-8X-400001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the authoritative name servers to be geographically disbursed.

Check Contents

1. Navigate to Data Management >> DNS >> Zones tab.
2. Review each zone by clicking "Edit" and inspecting the "Name Servers" tab.
3. Review the name server (NS) records for each zone hosted and confirm that each authoritative name server is located at a different physical location than the remaining name servers.
4. Infoblox supports designation as a "stealth" name server, which will not have an NS record.

If all name servers for which NS records are published within a zone are not physically at different locations, this is a finding.

Vulnerability Number

V-233859

Documentable

False

Rule Version

IDNS-8X-400001

Severity Override Guidance

1. Navigate to Data Management >> DNS >> Zones tab.
2. Review each zone by clicking "Edit" and inspecting the "Name Servers" tab.
3. Review the name server (NS) records for each zone hosted and confirm that each authoritative name server is located at a different physical location than the remaining name servers.
4. Infoblox supports designation as a "stealth" name server, which will not have an NS record.

If all name servers for which NS records are published within a zone are not physically at different locations, this is a finding.

Check Content Reference

M

Target Key

5251

Comments