The DNS implementation must protect the authenticity of communications sessions for zone transfers.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-APP-000219-DNS-000028 | SRG-APP-000219-DNS-000028 | SRG-APP-000219-DNS-000028_rule | Medium |
| Description |
|---|
| DNS is a fundamental network service which is prone to various attacks, such as cache poisoning and man-in-the middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of DNSSEC, the authenticity of the data cannot be guaranteed. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2014-07-11 |
Details
| Check Text ( C-SRG-APP-000219-DNS-000028_chk ) |
|---|
| Review the DNS server implementation configuration to determine if the DNS server protects the authenticity of zone transfer communications. If the DNS server does not protect their authenticity, this is a finding. |
| Fix Text (F-SRG-APP-000219-DNS-000028_fix) |
|---|
| Configure the DNS server to protect the authenticity of zone transfer communications sessions. |