STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Jan 2021

The Infoblox DNS server must not reveal sensitive information to an attacker. This includes HINFO, RP, LOC resource, and sensitive TXT record data.

DISA Rule

SV-233857r621666_rule

Vulnerability Number

V-233857

Group Title

SRG-APP-000333-DNS-000107

Rule Version

IDNS-8X-200001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Navigate to Data Management >> DNS >> Zones.
2. Select and edit the zone identified during the Check.
3. Select the RR and click "Delete" to remove the record.

Check Contents

Review external DNS zone data and verify there are no HINFO, LOC, RP, or TXT RRs that disclose any information that may be used for malicious purposes.

1. Navigate to Data Management >> DNS >> Zones tab.
2. Click on the appropriate DNS Zone.
3. Review external zone data for HINFO, LOC, RP, and TXT RRs.

If any HINFO, LOC, RP, or TXT RRs exist that disclose any information that may be used for malicious purposes, this is a finding.
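The review in step 3 can be pre-screened offline. The script below is an added example, not part of the STIG or of Infoblox tooling: it assumes the external zone's data is available as standard master-file (RFC 1035) text, lists every HINFO, LOC, RP and TXT record for the reviewer, and tags TXT records that look like SPF/DKIM/DMARC policy so free-form text stands out. The zone contents, the function names and the tagging heuristic are constructed for illustration; parentheses inside quoted strings are not handled.

```python
import re
import shlex

REVIEW_TYPES = {"HINFO", "LOC", "RP", "TXT"}   # RR types named in the check
TTL_OR_CLASS = re.compile(r"(\d+[smhdw]?)+|IN|CH|HS", re.I)
COMMENT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$).*')  # ';' outside quotes
# Assumption: these TXT prefixes mark mail-auth policy; tagged, still reported.
MAIL_AUTH = ("v=spf1", "v=dkim1", "v=dmarc1")

SAMPLE_ZONE = '''\
$ORIGIN example.com.
@   IN SOA ns1 hostmaster ( 2021010901 ; serial
        3600 900 604800 300 )
    IN TXT "v=spf1 mx -all"
ns1 IN HINFO "Example-CPU" "Example-OS 1.0"
www 300 IN LOC 38 53 23 N 77 0 32 W 10m
ops IN RP admin.example.com. ops-txt.example.com.
ops-txt IN TXT "Room 12; rack B; build 7"
'''

def logical_lines(text):
    """Yield (owner_inherited, record); strips comments, joins (...) groups."""
    buf, depth, inherited = "", 0, False
    for raw in text.splitlines():
        line = COMMENT.sub("", raw).rstrip()
        if not line or line.startswith("$"):   # blank, $ORIGIN, $TTL
            continue
        if depth == 0:
            inherited = line[0].isspace()      # leading blank = previous owner
        buf += " " + line
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield inherited, buf.replace("(", " ").replace(")", " ").strip()
            buf, depth = "", 0

def audit_zone(text):
    """Return (owner, type, rdata, tag) for every RR the check asks to review."""
    findings, owner = [], None
    for inherited, line in logical_lines(text):
        tok = shlex.split(line)                # keeps quoted strings whole
        if not inherited:
            owner, tok = tok[0], tok[1:]
        while tok and TTL_OR_CLASS.fullmatch(tok[0]):
            tok = tok[1:]                      # skip optional TTL / class
        if tok and tok[0].upper() in REVIEW_TYPES:
            rdata = " ".join(tok[1:])
            is_mail = tok[0].upper() == "TXT" and rdata.lower().startswith(MAIL_AUTH)
            findings.append((owner, tok[0].upper(), rdata, "mail-auth" if is_mail else "review"))
    return findings
```

Every returned record still needs the reviewer's judgement; the "mail-auth" tag only orders the work and does not clear a record.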

Documentable

False

Severity Override Guidance

Review external DNS zone data and verify there are no HINFO, LOC, RP, or TXT RRs that disclose any information that may be used for malicious purposes.

1. Navigate to Data Management >> DNS >> Zones tab.
2. Click on the appropriate DNS Zone.
3. Review external zone data for HINFO, LOC, RP, and TXT RRs.

If any HINFO, LOC, RP, or TXT RRs exist that disclose any information that may be used for malicious purposes, this is a finding.

Check Content Reference

M

Target Key

5251
