STIGQter STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 1 Release: 8 Benchmark Date: 24 Jan 2020: The BIND 9.x server implementation must be configured to use only approved ports and protocols.

DISA Rule

SV-87027r1_rule

Vulnerability Number

V-72403

Group Title

SRG-APP-000142-DNS-000014

Rule Version

BIND-9X-001053

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Add the following line to the "options" statement:

listen-on port 53 { <ip_address>; };

Replace "<ip_address>" with the IP of the name server.

Restart the BIND 9.x process.

Check Contents

Verify the BIND 9.x server is configured to listen on UDP/TCP port 53.

Inspect the "named.conf" file for the following:

options {
listen-on port 53 { <ip_address>; };
};

If the "port" variable is missing, this is a finding.

If the "port" variable is not set to "53", this is a finding.

Note: "<ip_address>" should be replaced with the DNS server IP address.

Vulnerability Number

V-72403

Documentable

False

Rule Version

BIND-9X-001053

Severity Override Guidance

Verify the BIND 9.x server is configured to listen on UDP/TCP port 53.

Inspect the "named.conf" file for the following:

options {
listen-on port 53 { <ip_address>; };
};

If the "port" variable is missing, this is a finding.

If the "port" variable is not set to "53", this is a finding.

Note: "<ip_address>" should be replaced with the DNS server IP address.

Check Content Reference

M

Target Key

3085

Comments