STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214175r612370_rule
V-214175
SRG-APP-000219-DNS-000029
IDNS-7X-000280
CAT II
10
Infoblox Systems can be configured in two ways to limit DDNS client updates.
For clients that support GSS-TSIG, navigate to Data Management >> DNS >> Members/Servers tab.
Review each server with the DNS service enabled.
Select each server, click "Edit", toggle Advanced Mode and select GSS-TSIG.
Configure the option "Enable GSS-TSIG authentication of clients".
Upload the required keys. Refer to the Administration Guide for detailed instructions.
For clients that do not support GSS-TSIG, navigate to Data Management >> DNS >> Members/Servers tab.
Review each server with the DNS service enabled.
Select each server, click "Edit".
Select the "Updates" tab.
Select either an existing Named ACL or configure a new Set of ACEs to limit client DDNS.
When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
Perform a service restart if necessary.
Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.
Infoblox Systems can be configured in two ways to limit DDNS client updates.
For clients that support GSS-TSIG, navigate to Data Management >> DNS >> Members/Servers tab.
Review each server with the DNS service enabled.
Select each server, click "Edit", toggle Advanced Mode and select GSS-TSIG.
Verify that "Enable GSS-TSIG authentication of clients" is enabled.
For clients that do not support GSS-TSIG, navigate to Data Management >> DNS >> Members/Servers tab.
Review each server with the DNS service enabled. Select each server, click "Edit".
Select the "Updates" tab.
Verify that either a Named ACL or Set of ACEs are defined to limit client DDNS. When complete, click "Cancel" to exit the "Properties" screen.
If clients that support GSS-TSIG do not have "Enable GSS-TSIG authentication of clients" set or a named ACL or set of ACEs for clients that do not support GSS-TSIG, this is a finding.
V-214175
False
IDNS-7X-000280
Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.
Infoblox Systems can be configured in two ways to limit DDNS client updates.
For clients that support GSS-TSIG, navigate to Data Management >> DNS >> Members/Servers tab.
Review each server with the DNS service enabled.
Select each server, click "Edit", toggle Advanced Mode and select GSS-TSIG.
Verify that "Enable GSS-TSIG authentication of clients" is enabled.
For clients that do not support GSS-TSIG, navigate to Data Management >> DNS >> Members/Servers tab.
Review each server with the DNS service enabled. Select each server, click "Edit".
Select the "Updates" tab.
Verify that either a Named ACL or Set of ACEs are defined to limit client DDNS. When complete, click "Cancel" to exit the "Properties" screen.
If clients that support GSS-TSIG do not have "Enable GSS-TSIG authentication of clients" set or a named ACL or set of ACEs for clients that do not support GSS-TSIG, this is a finding.
M
3995