STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The core BIND 9.x server files must be group owned by a group designated for DNS administration only.

DISA Rule

SV-207581r612253_rule

Vulnerability Number

V-207581

Group Title

SRG-APP-000516-DNS-000099

Rule Version

BIND-9X-001321

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Change the ownership of the core BIND 9.x server files to the process account group.

# chgrp (BIND 9.x process account) <file>

Check Contents

Verify that the core BIND 9.x server files are group owned by a group designated for DNS administration only.

With the assistance of the DNS administrator, identify the following files:

named.conf
root hints
master zone file(s)
slave zone file(s)

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

If the identified files are not group owned by a group designated for DNS administration, this is a finding.

Vulnerability Number

V-207581

Documentable

False

Rule Version

BIND-9X-001321

Severity Override Guidance

Verify that the core BIND 9.x server files are group owned by a group designated for DNS administration only.

With the assistance of the DNS administrator, identify the following files:

named.conf
root hints
master zone file(s)
slave zone file(s)

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

If the identified files are not group owned by a group designated for DNS administration, this is a finding.

Check Content Reference

M

Target Key

2926

Comments