STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

An Infoblox DNS server must strongly bind the identity of the DNS server with the DNS information using DNSSEC.

DISA Rule

SV-233889r621666_rule

Vulnerability Number

V-233889

Group Title

SRG-APP-000347-DNS-000041

Rule Version

IDNS-8X-400031

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-001901 - The information system binds the identity of the information producer with the information to an organization-defined strength of binding.

Weight

Fix Recommendation

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Enable both "Enable DNSSEC" and "Enable DNSSEC validation".
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

Validate that DNSSEC validation is enabled:

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Verify that both "Enable DNSSEC" and "Enable DNSSEC validation" are enabled.
4. When complete, click "Cancel" to exit the "Properties" screen.

If both "Enable DNSSEC" and "Enable DNSSEC validation" are not enabled, this is a finding.

An Infoblox DNS server must strongly bind the identity of the DNS server with the DNS information using DNSSEC.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments