STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

All authoritative name servers for a zone must be located on different network segments.

DISA Rule

SV-233864r621666_rule

Vulnerability Number

V-233864

Group Title

SRG-APP-000516-DNS-000087

Rule Version

IDNS-8X-400006

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Zones.
2. Review zone settings by selecting each zone and reviewing the "Name Servers" tab to ensure all name servers are located on different network segments.

Check Contents

Review the DNS configuration to determine all of the name server (NS) records for each zone. Based on the NS records for each zone and network architecture, determine the location of each of the name servers.

1. Navigate to Data Management >> DNS >> Zones.
2. Select the zone to review.
3. Select the "Name Servers" tab.

If all authoritative name servers are not located on different network segments, this is a finding.

Vulnerability Number

V-233864

Documentable

False

Rule Version

IDNS-8X-400006

Severity Override Guidance

Review the DNS configuration to determine all of the name server (NS) records for each zone. Based on the NS records for each zone and network architecture, determine the location of each of the name servers.

1. Navigate to Data Management >> DNS >> Zones.
2. Select the zone to review.
3. Select the "Name Servers" tab.

If all authoritative name servers are not located on different network segments, this is a finding.

Check Content Reference

M

Target Key

5251

Comments