STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

Infoblox DNS servers must protect the authenticity of communications sessions for queries.

DISA Rule

SV-233919r621666_rule

Vulnerability Number

V-233919

Group Title

SRG-APP-000219-DNS-000030

Rule Version

IDNS-8X-700014

Severity

CAT II

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on the "DNSSEC" tab.
3. Enable both "Enable DNSSEC" and "Enable DNSSEC validation".
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on "DNSSEC" tab.
3. Verify that both "Enable DNSSEC" and "Enable DNSSEC validation" are enabled.
4. When complete, click "Cancel" to exit the "Properties" screen.

If both "Enable DNSSEC" and "Enable DNSSEC validation" are not enabled, this is a finding.

Vulnerability Number

V-233919

Documentable

False

Rule Version

IDNS-8X-700014

Severity Override Guidance

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

1. Navigate to Data Management >> DNS >> Grid DNS properties.
2. Toggle Advanced Mode and click on "DNSSEC" tab.
3. Verify that both "Enable DNSSEC" and "Enable DNSSEC validation" are enabled.
4. When complete, click "Cancel" to exit the "Properties" screen.

If both "Enable DNSSEC" and "Enable DNSSEC validation" are not enabled, this is a finding.

Check Content Reference

M

Target Key

5251

Comments