STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021: STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:SV-233918r621666_rule
V-233918
SRG-APP-000219-DNS-000029
IDNS-8X-700013
CAT II
10
Infoblox Systems can be configured in two ways to limit DDNS client updates. Refer to the Administrator Guide for detailed instructions.
For clients that support GSS-TSIG:
1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server, click "Edit", toggle Advanced Mode, and select GSS-TSIG.
4. Configure the option "Enable GSS-TSIG authentication of clients".
5. Upload the required keys.
6. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
7. Perform a service restart if necessary.
For clients that do not support GSS-TSIG:
1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server and click "Edit".
4. Select the "Updates" tab.
5. Select an existing Named ACL or configure a new set of ACEs to limit client DDNS.
6. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
7. Perform a service restart if necessary.
Infoblox Systems can be configured in two ways to limit DDNS client updates.
For clients that support GSS-TSIG:
1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server, click "Edit", toggle Advanced Mode, and select GSS-TSIG.
4. Verify that "Enable GSS-TSIG authentication of clients" is enabled.
5. When complete, click "Cancel" to exit the "Properties" screen.
For clients that do not support GSS-TSIG: 1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server and click "Edit".
4. Select the "Updates" tab.
5. Verify that either a Named ACL or set of Access Control Entries (ACEs) is used to limit client DDNS updates.
6. When complete, click "Cancel" to exit the "Properties" screen.
If clients that support GSS-TSIG do not have "Enable GSS-TSIG authentication of clients" set or a named ACL or set of ACEs for clients that do not support GSS-TSIG, this is a finding.
V-233918
False
IDNS-8X-700013
Infoblox Systems can be configured in two ways to limit DDNS client updates.
For clients that support GSS-TSIG:
1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server, click "Edit", toggle Advanced Mode, and select GSS-TSIG.
4. Verify that "Enable GSS-TSIG authentication of clients" is enabled.
5. When complete, click "Cancel" to exit the "Properties" screen.
For clients that do not support GSS-TSIG: 1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server and click "Edit".
4. Select the "Updates" tab.
5. Verify that either a Named ACL or set of Access Control Entries (ACEs) is used to limit client DDNS updates.
6. When complete, click "Cancel" to exit the "Properties" screen.
If clients that support GSS-TSIG do not have "Enable GSS-TSIG authentication of clients" set or a named ACL or set of ACEs for clients that do not support GSS-TSIG, this is a finding.
M
5251