STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021: STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:SV-233926r621666_rule
V-233926
SRG-APP-000442-DNS-000067
IDNS-8X-700021
CAT II
10
Note: Ensure DNSSEC is configured to meet all other STIG requirements prior to signing a zone to avoid signing with an unapproved configuration.
1. Navigate to Data Management >> DNS >> Zones.
2. Select the appropriate zone using the check box. Using the "DNSSEC" drop-down menu, select "Sign Zones".
3. Follow prompts to acknowledge zone signing.
4. Perform a service restart if necessary.
Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.
1. Navigate to Data Management >> DNS >> Zones.
2. For all external-facing authoritative zones and review all external authoritative zones.
Note: To add "Signed" column, select an existing column >> down arrow >> Columns >> Edit Columns. Set the "Signed" check box to "Visible" and select "Apply". DNSSEC signing status will be displayed in the Zones tab. Verify that external authoritative zones are DNSSEC signed.
If DNSSEC is not used for authoritative DNS this is a finding.
V-233926
False
IDNS-8X-700021
Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.
1. Navigate to Data Management >> DNS >> Zones.
2. For all external-facing authoritative zones and review all external authoritative zones.
Note: To add "Signed" column, select an existing column >> down arrow >> Columns >> Edit Columns. Set the "Signed" check box to "Visible" and select "Apply". DNSSEC signing status will be displayed in the Zones tab. Verify that external authoritative zones are DNSSEC signed.
If DNSSEC is not used for authoritative DNS this is a finding.
M
5251