STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The core BIND 9.x server files must be owned by the root or BIND 9.x process account.

DISA Rule

SV-207580r612253_rule

Vulnerability Number

V-207580

Group Title

SRG-APP-000516-DNS-000099

Rule Version

BIND-9X-001320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the ownership of the files to the root or BIND 9.x process account.

# chown <account_name> <file>

Check Contents

Verify that the core BIND 9.x server files are owned by the root or BIND 9.x process account.

With the assistance of the DNS administrator, identify the following files:

named.conf
root hints
master zone file(s)
slave zone file(s)

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

If the identified files are not owned by the root or BIND 9.x process account, this is a finding.
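
One way to script the check above, added here as an example rather than taken from the STIG: it lists named.conf and every file its file "..." statements reference, then flags any whose owner is outside an allowed list. The account name named and the path /etc/named.conf in the usage line are assumptions; substitute the site's values.

```shell
#!/bin/sh
# Added example (not DISA or STIGQter code). Assumes one file "..." statement
# per line; block comments and include statements are not followed.

# List named.conf plus every path named by a file "..." statement, resolving
# relative paths against the options { directory "..."; } setting.
bind_files() {
    conf=$1
    # Drop whole-line # and // comments so commented-out zones are ignored.
    body=$(sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*\/\//d' "$conf")
    dir=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*directory[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' |
        head -n 1)
    printf '%s\n' "$conf"
    # Match the keyword file only as a whole word, so pid-file, key-file and
    # similar options are not mistaken for zone or hints files.
    printf '%s\n' "$body" |
        sed -n 's/^\(.*[[:space:]{;]\)*file[[:space:]]\{1,\}"\([^"]*\)".*/\2/p' |
        while IFS= read -r f; do
            case $f in
                /*) printf '%s\n' "$f" ;;
                *)  printf '%s\n' "${dir:-.}/$f" ;;
            esac
        done
}

# audit_bind_owners <named.conf> "<allowed owners>"; returns 1 on any finding.
audit_bind_owners() {
    allowed=$2
    findings=0
    list=$(bind_files "$1")
    while IFS= read -r f; do
        if [ ! -e "$f" ]; then
            echo "NOT FOUND $f"
            continue
        fi
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        case " $allowed " in
            *" $owner "*) echo "OK      $f ($owner)" ;;
            *) echo "FINDING $f ($owner)"; findings=$((findings + 1)) ;;
        esac
    done <<EOF
$list
EOF
    [ "$findings" -eq 0 ]
}

# Example: sh audit.sh /etc/named.conf "root named"  (both values are assumptions)
if [ "$#" -eq 2 ]; then audit_bind_owners "$1" "$2"; fi
```

Slave zone files that have not yet been transferred are reported as NOT FOUND rather than counted as findings.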

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2926

Comments