STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation must strongly bind the identity of the DNS server with the DNS information.

DISA Rule

SV-69217r1_rule

Vulnerability Number

V-54971

Group Title

SRG-APP-000347-DNS-000041

Rule Version

SRG-APP-000347-DNS-000041

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001901 - The information system binds the identity of the information producer with the information to an organization-defined strength of binding.

Weight

10

Fix Recommendation

Configure the DNS server to strongly bind the identity of the DNS server with the DNS information.

Check Contents

Review the DNS server implementation configuration to determine if the DNS server strongly binds the identity of the DNS server with the DNS information. Examples include enabling DNSSEC and enabling TSIG or SIG(0). If the DNS server does not strongly bind the identity of the DNS server with the DNS information, this is a finding.

Vulnerability Number

V-54971

Documentable

False

Rule Version

SRG-APP-000347-DNS-000041

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server strongly binds the identity of the DNS server with the DNS information. Examples include enabling DNSSEC and enabling TSIG or SIG(0). If the DNS server does not strongly bind the identity of the DNS server with the DNS information, this is a finding.

Check Content Reference

M

Target Key

2355

Comments