SV-233862r621666_rule
V-233862
SRG-APP-000516-DNS-000084
IDNS-8X-400004
CAT II
10
1. Navigate to Data Management >> DNS >> Grid DNS Properties.
2. Toggle Advanced Mode and edit the "DNSSEC" tab.
3. Ensure "Resource Record Type for Nonexistent Proof" is set to NSEC3.
4. Re-sign all DNSSEC zones that previously used NSEC.
Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable.
1. Review the zone configuration and confirm that, if DNSSEC is enabled, NSEC3 is used.
2. Navigate to Data Management >> DNS >> Grid DNS Properties. Toggle Advanced Mode and review the "DNSSEC" tab.
3. Ensure "Resource Record Type for Nonexistent Proof" is set to NSEC3.
4. When complete, click "Cancel" to exit the "Properties" screen.
5. Review zone data or use Global Search string ".". Type "Equals NSEC Record" to verify no undesired NSEC records exist.
If NSEC records exist in an active zone, or NSEC3 is not configured, this is a finding.
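The zone-data review in step 5 can also be run against an exported copy of a zone. The script below is an added example, not part of the STIG or of any Infoblox tooling. It assumes the zone is available as standard master-file text with one record per line, uses hypothetical function names and constructed sample zones, and treats an unsigned zone as out of scope, following the "if DNSSEC is enabled" wording of step 1.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[SMHDW]?)+")

def rr_type(line):
    """Return the RR type of one presentation-format line, or None."""
    line = line.split(";", 1)[0]            # strip trailing comment
    if not line.strip() or line.lstrip().startswith("$"):
        return None                         # blank line or $ORIGIN/$TTL directive
    fields = line.split()
    if not line[0].isspace():
        fields = fields[1:]                 # drop the owner name
    for tok in fields:
        if tok.upper() in CLASSES or TTL.fullmatch(tok.upper()):
            continue                        # optional class / TTL fields
        return tok.upper()                  # first remaining field is the type
    return None

def check_zone(zone_text):
    """Apply the finding rule: NSEC present, or NSEC3 absent, in a signed zone."""
    counts = {}
    for line in zone_text.splitlines():
        t = rr_type(line)
        if t:
            counts[t] = counts.get(t, 0) + 1
    signed = counts.get("DNSKEY", 0) > 0
    nsec = counts.get("NSEC", 0)
    nsec3 = counts.get("NSEC3PARAM", 0) > 0 and counts.get("NSEC3", 0) > 0
    return {"signed": signed, "nsec_records": nsec, "nsec3": nsec3,
            "finding": signed and (nsec > 0 or not nsec3)}

# Constructed sample zones (placeholder key and signature data).
ZONE_NSEC = """\
$ORIGIN example.test.
example.test. 3600 IN SOA ns1 admin 1 7200 900 1209600 3600
example.test. 3600 IN DNSKEY 257 3 13 cGxhY2Vob2xkZXI=
example.test. 3600 IN NSEC www.example.test. SOA RRSIG NSEC DNSKEY
example.test. 3600 IN RRSIG NSEC 13 2 3600 20300101000000 20290101000000 1 example.test. cGxhY2Vob2xkZXI=
www 3600 IN A 192.0.2.10 ; constructed host record
"""
ZONE_NSEC3 = """\
example.test. 3600 IN DNSKEY 257 3 13 cGxhY2Vob2xkZXI=
example.test. 0 IN NSEC3PARAM 1 0 10 AABBCCDD
0123456789abcdefghijklmnopqrstuv.example.test. 3600 IN NSEC3 1 0 10 AABBCCDD 0123456789abcdefghijklmnopqrstuv A RRSIG
"""

if __name__ == "__main__":
    for name, zone in (("nsec", ZONE_NSEC), ("nsec3", ZONE_NSEC3)):
        print(name, check_zone(zone))
```

The type is read from its field position, so an RRSIG that covers NSEC or a type bitmap that lists NSEC is not counted as an NSEC record.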
V-233862
False
IDNS-8X-400004
M
5251