STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Jan 2021

The Infoblox DNS server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality.

DISA Rule

SV-233906r621666_rule

Vulnerability Number

V-233906

Group Title

SRG-APP-000514-DNS-000075

Rule Version

IDNS-8X-700001

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Note: Ensure DNSSEC is configured to meet all other STIG requirements prior to signing a zone to avoid signing with an unapproved configuration.

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Configure FIPS-compliant algorithms.
4. Follow manual key rollover procedures and update all non-compliant KSKs and ZSKs to use FIPS-approved algorithms.

Check Contents

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

Note: For Infoblox Grids that run in FIPS mode, this requirement is Not Applicable. Refer to the Administrator Guide for more information on FIPS Mode.

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Validate that all Key Signing Keys (KSKs) and Zone Signing Keys (ZSKs) use FIPS-approved algorithms.
4. When complete, click "Cancel" to exit the "Properties" screen.

If non-FIPS-approved algorithms are in use, this is a finding.
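
An added example (not part of the STIG or of Infoblox tooling) that cross-checks step 3 from outside the GUI: it reads DNSKEY records in single-line presentation format and flags any KSK or ZSK whose algorithm number is not on an allow-list. The `APPROVED` set, the function names and the sample records are assumptions constructed for illustration, since the page does not enumerate the approved algorithms.

```python
# Added example: flag DNSKEY records whose algorithm is outside an allow-list.
# Mnemonics from the IANA "DNS Security Algorithm Numbers" registry.
ALGORITHMS = {
    1: "RSAMD5", 3: "DSA", 5: "RSASHA1", 6: "DSA-NSEC3-SHA1",
    7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512",
    12: "ECC-GOST", 13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
    15: "ED25519", 16: "ED448",
}
# ASSUMPTION: this allow-list is illustrative; the page does not enumerate the
# approved algorithms, so substitute the set your authorizing official accepts.
APPROVED = {8, 10, 13, 14}

# Constructed sample records (placeholder key material, not real keys).
SAMPLE = """\
example.test. 3600 IN DNSKEY 257 3 8 AwEAAbConstructedKskMaterial==
example.test. 3600 IN DNSKEY 256 3 5 AwEAAbConstructedZskMaterial==
; a comment line, ignored by the parser
example.test. 3600 IN DNSKEY 256 3 13 ConstructedEcdsaZskMaterial==
"""

def parse_dnskeys(text):
    """Yield (owner, role, algorithm) per single-line DNSKEY record."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if "DNSKEY" not in fields:
            continue
        rdata = fields[fields.index("DNSKEY") + 1:]
        if len(rdata) < 4:
            raise ValueError(f"truncated DNSKEY record: {line!r}")
        flags, _protocol, algorithm = (int(v) for v in rdata[:3])
        if not flags & 0x0100:      # Zone Key bit clear: not a zone key
            continue
        role = "KSK" if flags & 0x0001 else "ZSK"   # SEP bit marks a KSK
        yield fields[0], role, algorithm

def findings(text, approved=APPROVED):
    """Return (owner, role, number, mnemonic) for every non-approved key."""
    return [(owner, role, alg, ALGORITHMS.get(alg, "UNKNOWN"))
            for owner, role, alg in parse_dnskeys(text)
            if alg not in approved]

if __name__ == "__main__":
    for owner, role, alg, name in findings(SAMPLE):
        print(f"FINDING {owner} {role} algorithm {alg} ({name})")
```

An empty result from `findings` means every published key uses an algorithm on the allow-list; it does not replace the Grid DNS properties review, which also covers the configured defaults for keys not yet published.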

Documentable

False

Check Content Reference

M

Target Key

5251

Comments