STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.

DISA Rule

SV-69153r1_rule

Vulnerability Number

V-54907

Group Title

SRG-APP-000474-DNS-000073

Rule Version

SRG-APP-000474-DNS-000073

Severity

CAT II

CCI(s)

• CCI-002702 - The information system shuts the information system down, restarts the information system, and/or initiates organization-defined alternative action(s) when anomalies in the operation of the organization-defined security functions are discovered.

Weight

10

Fix Recommendation

Configure the DNS server to log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.

Check Contents

Review the DNS server implementation configuration to determine if the DNS server logs the event and notifies the system administrator when anomalies in the operation of the signed zone transfers are discovered.

If the DNS server implementation does not log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered, this is a finding.

Vulnerability Number

V-54907

Documentable

False

Rule Version

SRG-APP-000474-DNS-000073

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server logs the event and notifies the system administrator when anomalies in the operation of the signed zone transfers are discovered.

If the DNS server implementation does not log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered, this is a finding.

Check Content Reference

M

Target Key

2355

Comments