STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021: STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:SV-233925r621666_rule
V-233925
SRG-APP-000441-DNS-000066
IDNS-8X-700020
CAT II
10
Note: Ensure DNSSEC is configured to meet all other STIG requirements prior to signing a zone to avoid signing with an unapproved configuration.
1. Navigate to Data Management >> DNS >> Zones.
2. Select the appropriate zone using the check box. Using the "DNSSEC" drop-down menu, select "Sign Zones".
3. Follow prompts to acknowledge zone signing.
4. Perform a service restart if necessary.
Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.
1. Navigate to Data Management >> DNS >> Zones.
2. For all external-facing authoritative zones and review all external authoritative zones.
Note: To add "Signed" column, select an existing column >> down arrow >> Columns >> Edit Columns. Set the "Signed" check box to "Visible" and select "Apply". DNSSEC signing status will be displayed in the "Zones" tab.
3. Verify that external authoritative zones are DNSSEC signed.
If DNSSEC is not used for authoritative DNS, this is a finding.
V-233925
False
IDNS-8X-700020
Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.
1. Navigate to Data Management >> DNS >> Zones.
2. For all external-facing authoritative zones and review all external authoritative zones.
Note: To add "Signed" column, select an existing column >> down arrow >> Columns >> Edit Columns. Set the "Signed" check box to "Visible" and select "Apply". DNSSEC signing status will be displayed in the "Zones" tab.
3. Verify that external authoritative zones are DNSSEC signed.
If DNSSEC is not used for authoritative DNS, this is a finding.
M
5251