STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015

The validity period for the RRSIGs covering the DS RR for a zone's delegated children must be no less than two days and no more than one week.

DISA Rule

SV-69065r1_rule

Vulnerability Number

V-54819

Group Title

SRG-APP-000214-DNS-000079

Rule Version

SRG-APP-000214-DNS-000079

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the validity period of the RRSIGs for all zones' delegated children to be greater than two days and less than one week.

Check Contents

Review the DNS configuration files. Ensure the validity period for RRSIGs for all zones' delegated children has been explicitly configured and is configured for a range of no less than two days and no more than one week.

If the validity period for the RRSIGs for all zones' delegated children is less than two days or greater than one week, this is a finding.
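One way to run this check against signed data rather than by reading configuration alone, shown as an added example that is not part of the STIG text: the script below reads RRSIG records in presentation format, keeps those covering a DS RRset, and compares expiration minus inception with the two-day and one-week bounds. It assumes one full record per line (owner, TTL, class, type, as dig prints them); the sample names, key tags and signatures are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

MIN_VALIDITY = timedelta(days=2)  # lower bound stated in the rule
MAX_VALIDITY = timedelta(days=7)  # upper bound stated in the rule

# Constructed sample records; signatures and digests are placeholders.
SAMPLE = """\
child-ok.example.com. 3600 IN DS 11111 8 2 0000
child-ok.example.com. 3600 IN RRSIG DS 8 3 3600 20240108000000 20240103000000 22222 example.com. c2lnbmF0dXJl
child-short.example.com. 3600 IN RRSIG DS 8 3 3600 20240104000000 20240103000000 22222 example.com. c2lnbmF0dXJl
child-long.example.com. 3600 IN RRSIG DS 8 3 3600 20240202000000 20240103000000 22222 example.com. c2lnbmF0dXJl
example.com. 3600 IN RRSIG A 8 2 3600 20240202000000 20240103000000 22222 example.com. c2lnbmF0dXJl
"""

def _ts(field):
    """RRSIG times are 14-digit YYYYMMDDHHMMSS (UTC) or decimal epoch seconds."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def check_ds_rrsigs(text):
    """Return (owner, validity, verdict) for every RRSIG that covers a DS RRset."""
    results = []
    for line in text.splitlines():
        f = line.split()
        # owner ttl class RRSIG covered alg labels origttl expiration inception tag signer sig
        if len(f) < 13 or f[3].upper() != "RRSIG" or f[4].upper() != "DS":
            continue  # not an RRSIG, or an RRSIG over some other RR type
        validity = _ts(f[8]) - _ts(f[9])
        if validity < MIN_VALIDITY:
            verdict = "FINDING: shorter than two days"
        elif validity > MAX_VALIDITY:
            verdict = "FINDING: longer than one week"
        else:
            verdict = "ok"
        results.append((f[0], validity, verdict))
    return results

if __name__ == "__main__":
    for owner, validity, verdict in check_ds_rrsigs(SAMPLE):
        print(f"{owner:28} {validity.days}d {verdict}")
```

Validity periods of exactly two days or exactly one week pass, matching the "no less than" and "no more than" wording of the check.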

Documentable

False

Severity Override Guidance

Review the DNS configuration files. Ensure the validity period for RRSIGs for all zones' delegated children has been explicitly configured and is configured for a range of no less than two days and no more than one week.

If the validity period for the RRSIGs for all zones' delegated children is less than two days or greater than one week, this is a finding.

Check Content Reference

M

Target Key

2355
