STIGQter STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

A DNS server implementation must provide additional integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.

DISA Rule

SV-214190r612370_rule

Vulnerability Number

V-214190

Group Title

SRG-APP-000422-DNS-000055

Rule Version

IDNS-7X-000510

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

DNSSEC validation is enabled by navigating to Data Management >> DNS >> Grid DNS properties.

Toggle Advanced Mode click on "DNSSEC" tab.
Enable both "Enable DNSSEC" and "Enable DNSSEC validation".
When complete, click "Save & Close" to save the changes and exit the "Properties" screen.

Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Validate that DNSSEC validation is enabled by navigating to Data Management >> DNS >> Grid DNS properties.

Note: DNSSEC validation is only applicable on a grid member where recursion is active.

Toggle Advanced Mode click on "DNSSEC" tab.
When complete, click "Cancel" to exit the "Properties" screen.

If both "Enable DNSSEC" and "Enable DNSSEC validation" are not enabled, this is a finding.

Vulnerability Number

V-214190

Documentable

False

Rule Version

IDNS-7X-000510

Severity Override Guidance

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Validate that DNSSEC validation is enabled by navigating to Data Management >> DNS >> Grid DNS properties.

Note: DNSSEC validation is only applicable on a grid member where recursion is active.

Toggle Advanced Mode click on "DNSSEC" tab.
When complete, click "Cancel" to exit the "Properties" screen.

If both "Enable DNSSEC" and "Enable DNSSEC validation" are not enabled, this is a finding.

Check Content Reference

M

Target Key

3995

Comments