STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS implementation must protect the authenticity of communications sessions for queries.

DISA Rule

SV-69075r1_rule

Vulnerability Number

V-54829

Group Title

SRG-APP-000219-DNS-000030

Rule Version

SRG-APP-000219-DNS-000030

Severity

CAT II

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Configure the DNS server to provide resolvers with verification of query response integrity via DNSSEC.

Check Contents

Review the DNS server configuration to ensure all zones are configured to provide resolvers with verification of query response integrity via DNSSEC.

If the DNS Server configuration is not configured to provide resolvers with verification of query response integrity via the implementation of DNSSEC, this is a finding.

Vulnerability Number

V-54829

Documentable

False

Rule Version

SRG-APP-000219-DNS-000030

Severity Override Guidance

Review the DNS server configuration to ensure all zones are configured to provide resolvers with verification of query response integrity via DNSSEC.

If the DNS Server configuration is not configured to provide resolvers with verification of query response integrity via the implementation of DNSSEC, this is a finding.

Check Content Reference

M

Target Key

2355

Comments