STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015

All authoritative name servers for a zone must have the same version of zone information.

DISA Rule

SV-69175r1_rule

Vulnerability Number

V-54929

Group Title

SRG-APP-000516-DNS-000088

Rule Version

SRG-APP-000516-DNS-000088

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Troubleshoot and fix any problems with zone transfers completing successfully between the primary name server and all secondary name servers.

Check Contents

Review the DNS configuration for each zone hosted by the authoritative name server. Determine all authoritative name servers for each zone. Review the serial number in the SOA RDATA, on each authoritative name server for each zone, and ensure the serial number is the same on each secondary name server as on the primary name server.

If any secondary name server for a zone has a serial number in the SOA RDATA that is different from the primary name server, this is a finding.
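
One way to automate the serial comparison described in the check, as an added example that is not part of the STIG or of STIGQter. The function names, the example.com server names and the sample SOA values are constructed for illustration; reporting a server that returns no usable SOA answer is this example's own choice, since its serial cannot be verified.

```python
import subprocess


def parse_soa_serial(rdata):
    """SOA RDATA text is: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7 or not fields[2].isdigit():
        raise ValueError(f"not SOA RDATA: {rdata!r}")
    return int(fields[2])


def query_soa(zone, server):
    """Ask one server directly, without recursion (needs dig on PATH)."""
    cmd = ["dig", "+short", "+norecurse", "+time=3", "+tries=1", "SOA", zone, f"@{server}"]
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout.strip()
    return out.splitlines()[0] if out else ""


def check_zone(primary, answers):
    """answers: server -> SOA RDATA text. Returns [(server, reason)]; [] = in sync."""
    try:
        expected = parse_soa_serial(answers[primary])
    except (KeyError, ValueError):
        return [(primary, "primary returned no usable SOA")]
    findings = []
    for server, rdata in sorted(answers.items()):
        if server == primary:
            continue
        try:
            serial = parse_soa_serial(rdata)
        except ValueError:
            findings.append((server, "no usable SOA answer"))
            continue
        if serial != expected:
            findings.append((server, f"serial {serial} != primary {expected}"))
    return findings


# Constructed sample answers; example.com and the ns* names are placeholders.
_SOA = "ns1.example.com. hostmaster.example.com. {} 7200 3600 1209600 3600"
SAMPLE = {
    "ns1.example.com": _SOA.format(2015102301),
    "ns2.example.com": _SOA.format(2015102301),
    "ns3.example.com": _SOA.format(2015102201),  # stale secondary
    "ns4.example.com": "",                       # no answer
}

if __name__ == "__main__":
    print(check_zone("ns1.example.com", SAMPLE))
```

For a live check, build the `answers` mapping by calling `query_soa(zone, server)` for every name server listed in the zone's NS set, then pass it to `check_zone` with the primary's name.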

Documentable

False

Severity Override Guidance

Review the DNS configuration for each zone hosted by the authoritative name server. Determine all authoritative name servers for each zone. Review the serial number in the SOA RDATA, on each authoritative name server for each zone, and ensure the serial number is the same on each secondary name server as on the primary name server.

If any secondary name server for a zone has a serial number in the SOA RDATA that is different from the primary name server, this is a finding.

Check Content Reference

M

Target Key

2355

Comments