STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Jan 2021

The IP address for hidden master authoritative name servers must not appear in the name servers set in the zone database.

DISA Rule

SV-233876r621666_rule

Vulnerability Number

V-233876

Group Title

SRG-APP-000516-DNS-000108

Rule Version

IDNS-8X-400018

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For each zone that is not in compliance:

1. Navigate to Data Management >> DNS >> Zones.
2. Reconfigure the "Name Servers" tab and modify the Grid Master by selecting "Stealth".
3. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
4. Perform a service restart if necessary.

Check Contents

Verify that the Infoblox Grid Master is not configured to service DNS requests from clients.

1. Navigate to Data Management >> DNS >> Zones.
2. Review each zone by selecting the zone, clicking "Edit", and selecting the "Name Servers" tab.

If the Grid Master is a listed name server and not marked "Stealth", this is a finding.
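The same condition can also be checked against the published zone data, as a complement to the GUI review. The following is an added example, not part of the STIG or of Infoblox tooling: it takes a zone exported as text and reports any NS target whose address matches a hidden master IP. It assumes one record per line with fully qualified owner names; the zone name, host names and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample zone data (documentation address ranges, not from the STIG page).
SAMPLE_ZONE = """\
example.test.      3600 IN SOA gm.example.test. admin.example.test. 1 7200 3600 1209600 3600
example.test.      3600 IN NS  ns1.example.test.
example.test.      3600 IN NS  ns2.example.test.
example.test.      3600 IN NS  gm.example.test.
ns1.example.test.  3600 IN A   192.0.2.11
ns2.example.test.  3600 IN A   192.0.2.12
gm.example.test.   3600 IN A   192.0.2.5
gm.example.test.   3600 IN AAAA 2001:db8::5
"""

def parse_records(zone_text):
    """Yield (owner, rtype, rdata_fields) from simple one-line records."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks and directives
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class tokens that precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest = rest[1:]
        if len(rest) >= 2:
            yield owner, rest[0].upper(), rest[1:]

def exposed_hidden_masters(zone_text, zone, hidden_master_ips):
    """Return sorted (ns_name, ip) pairs where an NS target of `zone`
    has an address record equal to one of the hidden master IPs."""
    hidden = {ipaddress.ip_address(ip) for ip in hidden_master_ips}
    ns_targets, addrs = set(), {}
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "NS" and owner == zone.lower():
            ns_targets.add(rdata[0].lower())
        elif rtype in ("A", "AAAA"):
            # ip_address() normalises notation, so 2001:0db8::5 == 2001:db8::5.
            addrs.setdefault(owner, set()).add(ipaddress.ip_address(rdata[0]))
    return sorted((ns, str(ip)) for ns in ns_targets
                  for ip in addrs.get(ns, ()) if ip in hidden)

if __name__ == "__main__":
    for ns, ip in exposed_hidden_masters(SAMPLE_ZONE, "example.test.", ["192.0.2.5"]):
        print(f"FINDING: hidden master {ip} is published as name server {ns}")
```

An empty result means no NS target in the exported zone resolves to a hidden master address; any returned pair corresponds to a finding under this rule.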

Documentable

False

Check Content Reference

M

Target Key

5251
