STIGQter: STIG Summary: Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:SV-215640r561297_rule
V-215640
SRG-APP-000333-DNS-000104
WDNS-SI-000003
CAT II
10
To disable the version being returned in queries, execute the following command:
dnscmd /config /EnableVersionQuery 0 <enter>
The "EnableVersionQuery" property controls what version information the DNS server will respond with when a DNS query with class set to “CHAOS” and type set to “TXT” is received.
Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account.
Open a command window and execute the command:
nslookup <enter>
Note: Confirm the Default Server is the DNS Server on which the command is being run.
At the nslookup prompt, type:
set type=TXT <enter>
set class=CHAOS <enter>
version.bind <enter>
If the response returns something similar to text = "Microsoft DNS 6.1.7601 (1DB14556)", this is a finding.
V-215640
False
WDNS-SI-000003
The "EnableVersionQuery" property controls what version information the DNS server will respond with when a DNS query with class set to “CHAOS” and type set to “TXT” is received.
Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account.
Open a command window and execute the command:
nslookup <enter>
Note: Confirm the Default Server is the DNS Server on which the command is being run.
At the nslookup prompt, type:
set type=TXT <enter>
set class=CHAOS <enter>
version.bind <enter>
If the response returns something similar to text = "Microsoft DNS 6.1.7601 (1DB14556)", this is a finding.
M
4016