STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

All authoritative name servers for a zone must be geographically disbursed.

DISA Rule

SV-219058r612370_rule

Vulnerability Number

V-219058

Group Title

SRG-APP-000516-DNS-000500

Rule Version

IDNS-7X-000260

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the authoritative name servers to be geographically disbursed.

Check Contents

Review the NS records for each zone hosted and confirm that each authoritative name server is located at a different physical location than the remaining name servers.

Infoblox supports designation as a "stealth" name server, which will not have a NS record.

If all name servers, for which NS records are listed, are not physically at different locations, this is a finding.

Vulnerability Number

V-219058

Documentable

False

Rule Version

IDNS-7X-000260

Severity Override Guidance

Review the NS records for each zone hosted and confirm that each authoritative name server is located at a different physical location than the remaining name servers.

Infoblox supports designation as a "stealth" name server, which will not have a NS record.

If all name servers, for which NS records are listed, are not physically at different locations, this is a finding.

Check Content Reference

M

Target Key

3995

Comments