STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Jan 2021

The digital signature algorithm used for DNSSEC-enabled zones must be FIPS compatible.

DISA Rule

SV-233867r621666_rule

Vulnerability Number

V-233867

Group Title

SRG-APP-000516-DNS-000090

Rule Version

IDNS-8X-400009

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Follow manual key rollover procedures and update all non-compliant KSKs and ZSKs to use FIPS-approved algorithms.

Check Contents

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable. For Infoblox Grids that run in FIPS mode, this requirement is Not Applicable.

1. Review FIPS requirements to ensure the proper algorithms are used.
2. Navigate to Data Management >> DNS >> Grid DNS properties.
3. Toggle Advanced Mode and click on the "DNSSEC" tab.
4. Validate that all Key Signing Keys (KSKs) and Zone Signing Keys (ZSKs) use FIPS-approved algorithms.
5. When complete, click "Cancel" to exit the "Properties" screen.

If FIPS-approved algorithms are not used for the KSKs and ZSKs, this is a finding.

If DSA is used, this is a finding.
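
The same check can be run against DNSKEY records exported from a zone in presentation format. This is an added example, not part of the STIG or of Infoblox tooling; the APPROVED set and the sample records are assumptions constructed for illustration, and each line is assumed to start with the owner name.

```python
# Added example: audit DNSKEY records for the algorithm check described above.
# APPROVED is an assumption, not taken from the STIG; set it from your own
# review of current FIPS requirements (step 1 of the check).
APPROVED = {8, 10, 13, 14}
DSA = {3, 6}  # DSA and DSA-NSEC3-SHA1: always a finding per the check text
NAMES = {1: "RSAMD5", 3: "DSA", 5: "RSASHA1", 6: "DSA-NSEC3-SHA1",
         7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512",
         13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
         15: "ED25519", 16: "ED448"}  # IANA DNSSEC algorithm numbers

# Constructed sample records (key data truncated, not real keys).
SAMPLE = """\
example.test. 3600 IN DNSKEY 257 3 8 AwEAAc...constructed
example.test. 3600 IN DNSKEY 256 3 8 AwEAAb...constructed
legacy.test.  3600 IN DNSKEY 257 3 3 CKf1...constructed
legacy.test.  3600 IN DNSKEY 256 3 5 AwEAAd...constructed
"""

def parse_dnskeys(text):
    """Yield (owner, role, algorithm) for each DNSKEY line; skip other records."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        if len(fields) < i + 4:
            raise ValueError(f"truncated DNSKEY record: {line!r}")
        flags, _protocol, alg = (int(x) for x in fields[i + 1:i + 4])
        # Flag bit 0x0001 is the Secure Entry Point bit: set on KSKs (257),
        # clear on ZSKs (256).
        role = "KSK" if flags & 0x0001 else "ZSK"
        yield fields[0], role, alg

def audit(text, approved=APPROVED):
    """Return one (owner, role, algorithm name, reason) tuple per finding."""
    findings = []
    for owner, role, alg in parse_dnskeys(text):
        name = NAMES.get(alg, f"algorithm {alg}")
        if alg in DSA:
            findings.append((owner, role, name, "DSA is used"))
        elif alg not in approved:
            findings.append((owner, role, name, "not in approved set"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", *finding)
```

An empty result means every KSK and ZSK in the input uses an algorithm from the supplied approved set.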

Documentable

False

Check Content Reference

M

Target Key

5251
