STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Primary authoritative name servers must be configured to only receive zone transfer requests from specified secondary name servers.

DISA Rule

SV-214160r612370_rule

Vulnerability Number

V-214160

Group Title

SRG-APP-000516-DNS-000095

Rule Version

IDNS-7X-000020

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Navigate to Data Management >> DNS >> Members/Servers tab and configure access control (ACL or ACE) on each grid member which communicates with an external secondary.

When complete, click "Save & Close" to save the changes and exit the "Properties" screen.

Perform a service restart if necessary.

Check Contents

Infoblox grid members do not utilize DNS zone transfers to exchange DNS data. Communication between grid members is via a distributed database over a secure Virtual Private Network (VPN).

If configured to utilize zone transfers to external DNS servers, ensure Access Control Lists are configured to restrict data flow.

If Access Controls Lists are not configured for zone transfers to external non-Grid servers, this is a finding.

Vulnerability Number

V-214160

Documentable

False

Rule Version

IDNS-7X-000020

Severity Override Guidance

Infoblox grid members do not utilize DNS zone transfers to exchange DNS data. Communication between grid members is via a distributed database over a secure Virtual Private Network (VPN).

If configured to utilize zone transfers to external DNS servers, ensure Access Control Lists are configured to restrict data flow.

If Access Controls Lists are not configured for zone transfers to external non-Grid servers, this is a finding.

Check Content Reference

M

Target Key

3995

Comments