STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214169r612370_rule
V-214169
SRG-APP-000214-DNS-000025
IDNS-7X-000220
CAT II
10
Navigate to Data Management >> DNS >> Zones tab.
Select the parent zone, and use the DNSSEC drop-down menu to select "Import Keyset".
Add the child zone DS RRs and select "Import".
Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.
Infoblox systems within a Grid configuration automatically publish DS records to the parent zone when the child zone is signed.
If all name servers for parent and child zones are within an Infoblox Grid, this is not a finding.
Review the parent zones hosted on the Infoblox server for which the child zone is NOTE on the same Infoblox Grid. Each zone must include the Delegation Signer (DS) records for the child zone.
If DS records are not published in the parent zone for DNSSEC signed child zones, this is a finding.
V-214169
False
IDNS-7X-000220
Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.
Infoblox systems within a Grid configuration automatically publish DS records to the parent zone when the child zone is signed.
If all name servers for parent and child zones are within an Infoblox Grid, this is not a finding.
Review the parent zones hosted on the Infoblox server for which the child zone is NOTE on the same Infoblox Grid. Each zone must include the Delegation Signer (DS) records for the child zone.
If DS records are not published in the parent zone for DNSSEC signed child zones, this is a finding.
M
3995