STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

A DNS server implementation must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

DISA Rule

SV-69131r1_rule

Vulnerability Number

V-54885

Group Title

SRG-APP-000426-DNS-000059

Rule Version

SRG-APP-000426-DNS-000059

Severity

CAT II

CCI(s)

• CCI-002468 - The information system performs data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

Weight

10

Fix Recommendation

Configure the DNS server to perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

Check Contents

Review the DNS server implementation configuration to determine if the DNS server performs data origin verification authentication on the name/address resolution responses the system receives from authoritative sources. If the DNS server does not perform data origin verification authentication on the responses, this is a finding.

Vulnerability Number

V-54885

Documentable

False

Rule Version

SRG-APP-000426-DNS-000059

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server performs data origin verification authentication on the name/address resolution responses the system receives from authoritative sources. If the DNS server does not perform data origin verification authentication on the responses, this is a finding.

Check Content Reference

M

Target Key

2355

Comments