STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation must validate the binding of the other DNS servers identity to the DNS information for a server-to-server transaction (e.g., zone transfer).

DISA Rule

SV-69221r1_rule

Vulnerability Number

V-54975

Group Title

SRG-APP-000349-DNS-000043

Rule Version

SRG-APP-000349-DNS-000043

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001904 - The information system validates the binding of the information producer identity to the information at an organization-defined frequency.

Weight

10

Fix Recommendation

Configure the DNS server to validate the binding of the other DNS server's identity to the DNS information for a server-to-server transaction (e.g., zone transfer).

Check Contents

Review the DNS server implementation configuration to determine if the DNS server validates the binding of the other DNS server's identity to the DNS information for a server-to-server transaction (e.g., zone transfer). If the DNS server does not validate the binding of the other DNS server's identity to the DNS information, this is a finding.

Vulnerability Number

V-54975

Documentable

False

Rule Version

SRG-APP-000349-DNS-000043

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server validates the binding of the other DNS server's identity to the DNS information for a server-to-server transaction (e.g., zone transfer). If the DNS server does not validate the binding of the other DNS server's identity to the DNS information, this is a finding.

Check Content Reference

M

Target Key

2355

Comments