STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS Name Server software must be configured to refuse queries for its version information.

DISA Rule

SV-69093r1_rule

Vulnerability Number

V-54847

Group Title

SRG-APP-000333-DNS-000104

Rule Version

SRG-APP-000333-DNS-000104

Severity

CAT II

CCI(s)

• CCI-002201 - The information system, when transferring information between different security domains, uses organization-defined data type identifiers to validate data essential for information flow decisions.

Weight

10

Fix Recommendation

Configure the name server to refuse queries for its version information.

Check Contents

Review the DNS configuration files. Verify the DNS name server is explicitly configured to refuse queries asking for its version information.

If the name server is not configured to explicitly refuse queries asking for its version information, this is a finding.

Vulnerability Number

V-54847

Documentable

False

Rule Version

SRG-APP-000333-DNS-000104

Severity Override Guidance

Review the DNS configuration files. Verify the DNS name server is explicitly configured to refuse queries asking for its version information.

If the name server is not configured to explicitly refuse queries asking for its version information, this is a finding.

Check Content Reference

M

Target Key

2355

Comments