STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time.

DISA Rule

SV-207550r612253_rule

Vulnerability Number

V-207550

Group Title

SRG-APP-000001-DNS-000001

Rule Version

BIND-9X-001051

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Add the "transfers-in" sub statement to the "options" statement block.

The value of the "transfers-in" will be based on organizational requirements needed to support DNS operations.

Restart the BIND 9.x process.

Check Contents

If this is not a secondary name server, this requirement is Not Applicable.

Verify the name server is configured to limit the total number of zones that can be requested at one time:

Inspect the "named.conf" file for the following:

options {
transfers-in 10;
};

If the "options" statement does not contain a "transfers-in" sub statement, this is a finding.

Vulnerability Number

V-207550

Documentable

False

Rule Version

BIND-9X-001051

Severity Override Guidance

If this is not a secondary name server, this requirement is Not Applicable.

Verify the name server is configured to limit the total number of zones that can be requested at one time:

Inspect the "named.conf" file for the following:

options {
transfers-in 10;
};

If the "options" statement does not contain a "transfers-in" sub statement, this is a finding.

Check Content Reference

M

Target Key

2926

Comments