The HINFO, RP, TXT and LOC RR types must not be used in the zone SOA.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-APP-000516-DNS-000107 | SRG-APP-000516-DNS-000107 | SRG-APP-000516-DNS-000107_rule | Medium |
| Description |
|---|
| A DNS administrator should take care when including HINFO, RP, TXT, LOC, or other RR types that could divulge information that would be useful to an attacker or the external view of a zone if using split DNS. These RR types should be avoided, if possible, and only used if necessary to support operational policy. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2014-07-11 |
Details
| Check Text ( C-SRG-APP-000516-DNS-000107_chk ) |
|---|
| Review the DNS configuration files. Verify there are not any HINFO, RP, TXT, or LOC RR type RRs in the configuration. If there are any HINFO, RP, TXT or LOC RR type RRs in the configuration, this is a finding. |
| Fix Text (F-SRG-APP-000516-DNS-000107_fix) |
|---|
| Configure the DNS configuration to not include any HINFO, RP, TXT, or LOC RR type RRs. |