STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Jan 2021

Recursion must be disabled on Infoblox DNS servers that are configured as authoritative name servers.

DISA Rule

SV-233860r621666_rule

Vulnerability Number

V-233860

Group Title

SRG-APP-000383-DNS-000047

Rule Version

IDNS-8X-400002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Members tab.
2. Select the "Queries" tab and disable recursion by clearing the "Enable Recursion" check box.
3. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
4. Perform a service restart if necessary.

Check Contents

1. Navigate to Data Management >> DNS >> Members tab.
2. Select each grid member configured in an authoritative role and click "Edit".
3. Review the "Queries" tab.
4. Verify that "Allow Recursion" is not enabled.
5. When complete, click "Cancel" to exit the "Properties" screen.

If recursion is not disabled on an authoritative name server, this is a finding.
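
A network-side cross-check of the GUI review above, as an added example that is not part of the STIG or of Infoblox tooling: it sends a query with the RD bit set for a name the member is not authoritative for and reads the RA and AA bits of the reply header (RFC 1035). The function names, the probe name `example.org` and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

RA, AA, QR = 0x0080, 0x0400, 0x8000  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """DNS A/IN query with RD (recursion desired) set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def assess(response, qid=0x1234):
    """Classify a reply to a query for a name the server is NOT authoritative for."""
    if len(response) < 12:
        return "INVALID: truncated header"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if rid != qid or not flags & QR:
        return "INVALID: not a reply to this query"
    rcode = flags & 0x000F
    if flags & RA:
        return "FINDING: server advertises recursion (RA=1)"
    if rcode == 0 and ancount > 0 and not flags & AA:
        return "FINDING: non-authoritative answer returned"
    return f"PASS: RA=0, rcode={rcode}"

def check_member(server_ip, outside_name, timeout=3.0):
    """Send the probe over UDP/53 to one grid member and assess the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(outside_name), (server_ip, 53))
        return assess(s.recv(4096))

# Constructed sample replies (header + echoed question only), not captured traffic.
_Q = build_query("example.org")[12:]
REFUSED_REPLY = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + _Q    # QR|RD, rcode 5
RECURSIVE_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + _Q  # QR|RD|RA, 1 answer

if __name__ == "__main__":
    print(assess(REFUSED_REPLY))
    print(assess(RECURSIVE_REPLY))
```

The result reflects only what the probing client's address is permitted to do, so it supplements the "Queries" tab review in the check rather than replacing it.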

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5251
