STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The Infoblox system must ensure each NS record in a zone file points to an active name server authoritative for the domain specified in that record.

DISA Rule

SV-214204r612370_rule

Vulnerability Number

V-214204

Group Title

SRG-APP-000516-DNS-000085

Rule Version

IDNS-7X-000730

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use either global search or review of DNS zone data to verify NS configuration.

Remove or update any incorrect NS records or name server configuration.

Check Contents

For Infoblox Grid Members, log on to the Grid Master.

Navigate to Data Management >> DNS >> Members/Servers tab.

Verify that all assigned members have a status of "Running".

For non-Infoblox systems, review DNS zone data and confirm that all systems external to the Infoblox grid have NS records which point to an active name server authoritative for the domain.

If the Infoblox Grid Members do not have a status of "Running" or non-Infoblox systems do not have NS records pointing to an active name server authoritative for the domain, this is a finding.
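The zone-data review for non-Infoblox name servers can be scripted. The following is an added example, not part of the STIG or of Infoblox tooling; it assumes that "active and authoritative" means the server answers a direct, non-recursive SOA query for the zone with the AA flag set, and its function names and status strings are hypothetical.

```python
import os
import socket
import struct

# Assumption (not from the STIG): a server passes if it answers a direct SOA
# query for the zone with QR=1, RCODE=0, AA=1 and at least one answer record.
def build_soa_query(zone, txid):
    """Non-recursive (RD=0) query for `zone`, QTYPE=6 (SOA), QCLASS=1 (IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)

def classify_response(resp, txid):
    """Return 'authoritative', or the reason this server needs review."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:   # wrong ID, or QR bit clear
        return "malformed"
    if flags & 0x000F:                      # RCODE, e.g. 2=SERVFAIL, 5=REFUSED
        return f"rcode-{flags & 0x000F}"
    if not flags & 0x0400:                  # AA bit clear: not authoritative
        return "not-authoritative"
    return "authoritative" if ancount else "no-soa-answer"

def check_name_server(server_ip, zone, timeout=3.0):
    """Ask one NS target directly over UDP/53 (IPv4) and classify the reply."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(zone, txid), (server_ip, 53))
            resp, _ = sock.recvfrom(4096)
        except OSError:                     # timeout, unreachable, refused
            return "no-response"
    return classify_response(resp, txid)

def audit_zone(zone, ns_addresses, probe=check_name_server):
    """Map each NS target to a status; anything but 'authoritative' needs review."""
    return {ns: probe(ip, zone) for ns, ip in ns_addresses.items()}

if __name__ == "__main__":
    # Constructed reply header: QR=1, AA=0, RCODE=5 (REFUSED).
    lame = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
    print(classify_response(lame, 0x1234))
```

Pass `audit_zone` the zone name and a mapping of each NS target to its address, taken from the zone data under review.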

Documentable

False

Check Content Reference

M

Target Key

3995
