STIGQter STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

The Infoblox DNS server must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

SV-233924r621666_rule

Vulnerability Number

V-233924

Group Title

SRG-APP-000440-DNS-000065

Rule Version

IDNS-8X-700019

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Grid DNS properties tab.
2. Toggle Advanced Mode and select the "DNSSEC" tab.
3. Enable DNSSEC by selecting the check box.
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

1. Verify that DNSSEC is enabled by navigating to Data Management >> DNS >> Grid DNS properties tab.
2. Toggle Advanced Mode and review the "DNSSEC" tab to verify that DNSSEC is enabled.
3. When complete, click "Cancel" to exit the "Properties" screen.

If DNSSEC validation is not enabled, this is a finding.

Vulnerability Number

V-233924

Documentable

False

Rule Version

IDNS-8X-700019

Severity Override Guidance

Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.

1. Verify that DNSSEC is enabled by navigating to Data Management >> DNS >> Grid DNS properties tab.
2. Toggle Advanced Mode and review the "DNSSEC" tab to verify that DNSSEC is enabled.
3. When complete, click "Cancel" to exit the "Properties" screen.

If DNSSEC validation is not enabled, this is a finding.

Check Content Reference

M

Target Key

5251

Comments