SV-214179r612370_rule
V-214179
SRG-APP-000247-DNS-000036
IDNS-7X-000350
CAT II
10
Log on to the Infoblox system using the CLI.
Use "set ip_rate_limit [OPTIONS]" to reduce the risk of cache poisoning attacks by rate limiting udp/53 traffic.
Use "set dns_rrl" to enable DNS response rate limiting. This helps reduce the risk of DoS attacks by reducing the rate at which authoritative name servers respond to queries, such as a flood.
Infoblox systems have a number of options that can be configured to reduce the ability to be exploited in a DoS attack. Usage of rate limiting can reduce risk from cache poisoning attacks and DoS attacks.
Log on to the Infoblox system and issue the commands:
"show ip_rate_limit" and "show dns_rrl"
Review the output from these commands with the network architecture.
If rate limiting is not configured on the Infoblox system or within the network security architecture, this is a finding.
Note: "set dns_rrl" is only applicable to code version 7.2 and above.
False
M
3995