
The DNS implementation must be fault-tolerant.


Overview

Finding ID: V-34261
Version: SRG-NET-000304-DNS-000165
Rule ID: SV-44740r1_rule
IA Controls: (none listed)
Severity: High
Description
A critical component of securing an information system is ensuring its availability. The best way to ensure availability is to eliminate any single point of failure, both in the system itself and in the network architecture that supports it. DNS is one of the backbone services of any network; without DNS, host name to IP resolution cannot be performed. In order to eliminate single points of failure and to enhance redundancy, there are typically at least two authoritative domain name system (DNS) servers, one configured as primary and the other as secondary. Additionally, the two servers are commonly located in two different network subnets and geographically separated (i.e., not located in the same physical facility).
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text ( C-42245r1_chk )
Review the DNS implementation to determine whether the architecture and systems have built-in redundancy and fault tolerance for all zones. If fault tolerance and redundancy are not built into the system, this is a finding.
Fix Text (F-38192r1_fix)
Configure the DNS architecture and systems to be fault tolerant and redundant for all zones.
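The check above is manual, but the two concrete criteria the description gives (at least two authoritative servers per zone, and those servers on different network subnets) can be evaluated mechanically once a zone's NS record set and the servers' addresses have been collected. The following script is an added example and is not part of the STIG or its viewer; the zone names, host names and addresses are constructed sample data (RFC 5737 documentation ranges), and in practice the inventory would be filled from the authoritative NS and A/AAAA records of each zone in scope.

```python
import ipaddress

# Constructed inventory: zone -> {authoritative server name -> [addresses]}.
# Names and addresses are hypothetical; replace with the real NS/A/AAAA data
# gathered for each zone under review.
ZONE_NS = {
    "example.test.": {
        "ns1.example.test.": ["192.0.2.10"],
        "ns2.example.test.": ["198.51.100.10"],   # second server, other subnet
    },
    "single.test.": {
        "ns1.single.test.": ["192.0.2.20"],        # single point of failure
    },
    "samesubnet.test.": {
        "ns1.samesubnet.test.": ["192.0.2.30"],
        "ns2.samesubnet.test.": ["192.0.2.31"],    # redundant host, same subnet
    },
}


def assess_zone(ns_records, min_servers=2, v4_prefix=24, v6_prefix=64):
    """Return a list of finding strings for one zone; an empty list is a pass.

    Criteria follow the rule description: at least `min_servers` authoritative
    servers, and those servers spread over more than one subnet. The subnet
    size used to judge "different subnet" is an assumption (/24 for IPv4,
    /64 for IPv6) and should be set to match the reviewed network design.
    """
    findings = []
    if len(ns_records) < min_servers:
        findings.append(
            f"only {len(ns_records)} authoritative server(s); "
            f"need at least {min_servers}"
        )
        return findings  # subnet diversity is moot with a single server

    subnets = set()
    for addrs in ns_records.values():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            prefix = v4_prefix if ip.version == 4 else v6_prefix
            subnets.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    if len(subnets) < 2:
        findings.append(
            "all authoritative servers share one subnet: "
            + ", ".join(sorted(map(str, subnets)))
        )
    return findings


def assess_all(zones):
    """Evaluate every zone in the inventory; zones mapping to [] pass."""
    return {zone: assess_zone(ns) for zone, ns in zones.items()}


if __name__ == "__main__":
    for zone, findings in assess_all(ZONE_NS).items():
        status = "PASS" if not findings else "FINDING"
        print(f"{zone:22} {status}")
        for f in findings:
            print(f"    - {f}")
```

A zone that passes this script still needs the rest of the manual review (geographic separation of the facilities, and that secondaries actually hold a current copy of every zone), since neither is visible from the record set alone.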