STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The DNS server implementation must follow procedures to re-role a secondary name server as the master name server should the master name server permanently lose functionality.

DISA Rule

SV-214199r612370_rule

Vulnerability Number

V-214199

Group Title

SRG-APP-000451-DNS-000069

Rule Version

IDNS-7X-000640

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Refer to the Infoblox NIOS Administration Guide, chapters "Deploying a Grid" and "Configuring DNS Zones", section "Assigning Zone Authority to Name Servers", if necessary.

Check Contents

Within an Infoblox Grid, configuration control is done through the Grid Master. In the event of a Grid Member failure, upon replacement, the Grid Master will configure the new system to replace the failed member.

A Grid Master Candidate can be configured to alleviate issues in the event of a Grid Master failure. The Grid Master will replicate the entire database to the Grid Master Candidate, which can be promoted to the Grid Master role if needed.

Review Grid, Grid Manager configuration to ensure a Grid Master Candidate is configured.

If the site does not have a Grid Master Candidate, or local backup and policy guidance on system recovery, this is a finding.

Documentable

False

Severity Override Guidance

Within an Infoblox Grid, configuration control is done through the Grid Master. In the event of a Grid Member failure, upon replacement, the Grid Master will configure the new system to replace the failed member.

A Grid Master Candidate can be configured to alleviate issues in the event of a Grid Master failure. The Grid Master will replicate the entire database to the Grid Master Candidate, which can be promoted to the Grid Master role if needed.

Review Grid, Grid Manager configuration to ensure a Grid Master Candidate is configured.

If the site does not have a Grid Master Candidate, or local backup and policy guidance on system recovery, this is a finding.

Check Content Reference

M

Target Key

3995
