STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021

Infoblox systems that perform zone transfers to non-Grid DNS servers must limit the number of concurrent sessions for zone transfers.

DISA Rule

SV-233855r621666_rule

Vulnerability Number

V-233855

Group Title

SRG-APP-000001-DNS-000001

Rule Version

IDNS-8X-100001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Members tab.
2. Click "Edit" to review each member with the DNS service status of "Running".
3. Toggle Advanced Mode and select General >> Advanced tab.
4. Configure both the inbound and outbound zone transfer limits to appropriate values.
5. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
6. Perform a service restart if necessary.

Check Contents

Verify that inbound and outbound zone transfer limits are configured. These values control the number of concurrent zone transfers to non-Grid DNS servers.

1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server, click "Edit", toggle Advanced Mode, and select General >> Advanced tab.
4. Verify zone transfer limitations are configured.
5. When complete, click "Cancel" to exit the "Properties" screen.

If zone transfer limits are not configured for non-Infoblox grid name servers, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

5251
