STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The permissions assigned to the core BIND 9.x server files must be set to utilize the least privilege possible.

DISA Rule

SV-207582r612253_rule

Vulnerability Number

V-207582

Group Title

SRG-APP-000516-DNS-000099

Rule Version

BIND-9X-001322

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the permissions of each file to the following:

named.conf : rw-r-----
root hints : rw-r-----
master zone file(s): rw-r-----
slave zone file(s): rw-rw----

Check Contents

With the assistance of the DNS administrator, identify the following files:

named.conf : rw-r-----
root hints : rw-r-----
master zone file(s): rw-r-----
slave zone file(s): rw-rw----

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

Verify that the permissions for the core BIND 9.x server files are at least as restrictive as listed above.

If the identified files are not as least as restrictive as listed above, this is a finding.

Vulnerability Number

V-207582

Documentable

False

Rule Version

BIND-9X-001322

Severity Override Guidance

With the assistance of the DNS administrator, identify the following files:

named.conf : rw-r-----
root hints : rw-r-----
master zone file(s): rw-r-----
slave zone file(s): rw-rw----

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

Verify that the permissions for the core BIND 9.x server files are at least as restrictive as listed above.

If the identified files are not as least as restrictive as listed above, this is a finding.

Check Content Reference

M

Target Key

2926

Comments