STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

An authoritative name server must be configured to enable DNSSEC resource records.

DISA Rule

SV-233866r621666_rule

Vulnerability Number

V-233866

Group Title

SRG-APP-000516-DNS-000089

Rule Version

IDNS-8X-400008

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

DNSSEC must be enabled prior to zone signing.

1. Enable by navigating to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Enable the "Enable DNSSEC" option.
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Validate that DNSSEC is enabled using the check box.
4. When complete, click "Cancel" to exit the "Properties" screen.

If "Enable DNSSEC" is not configured, this is a finding.

Vulnerability Number

V-233866

Documentable

False

Rule Version

IDNS-8X-400008

Severity Override Guidance

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Validate that DNSSEC is enabled using the check box.
4. When complete, click "Cancel" to exit the "Properties" screen.

If "Enable DNSSEC" is not configured, this is a finding.

Check Content Reference

M

Target Key

5251

Comments