The DNS implementation must protect the authenticity of communications sessions for dynamic updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-205183 | SRG-APP-000219-DNS-000029 | SV-205183r961110_rule | CCI-001184 | medium |

Description

DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the-middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of DNSSEC, the authenticity of the data cannot be guaranteed.

| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2024-07-02 |
Details
Check Text (C-205183r961110_chk)
Review the DNS server configuration to determine if communication sessions for dynamic updates are provided authenticity protection.
If communications sessions do not employ authenticity protections, this is a finding.
Fix Text (F-5450r392463_fix)
Configure the DNS server to employ mechanisms to protect the authenticity of communications sessions for dynamic updates.
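
One way to automate the check text above on a BIND-style server, where dynamic-update authenticity is typically provided by TSIG keys. This is an added example, not part of the SRG; the BIND `named.conf` syntax, the sample zones and key names, and the `audit_dynamic_updates` helper are assumptions.

```python
import re

# Constructed sample in BIND named.conf syntax (assumed server; zone and key names are made up).
SAMPLE_CONF = '''
zone "corp.example" {
    type master;
    allow-update { 192.0.2.0/24; };   // address-based: source IP is not proof of identity
};
zone "lab.example" {
    type master;
    allow-update { key "ddns-lab"; }; // only updates signed with this key
};
zone "mixed.example" {
    type master;
    allow-update { key "ddns-a"; any; };
};
zone "static.example" {
    type master;
    allow-update { none; };
};
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
ALLOW_RE = re.compile(r'allow-update\s*\{([^}]*)\}', re.S)

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def audit_dynamic_updates(conf):
    """Return {zone: [allow-update elements that are not key-based]} for each finding."""
    findings = {}
    for name, body in ZONE_RE.findall(strip_comments(conf)):
        bad = []
        for acl in ALLOW_RE.findall(body):
            for element in (e.strip() for e in acl.split(';')):
                if not element or element == 'none':
                    continue  # empty fragment, or updates disabled entirely
                if not re.fullmatch(r'key\s+"?[\w.\-]+"?', element):
                    bad.append(element)  # address, ACL name, "any", or negation
        if bad:
            findings[name] = bad
    return findings

if __name__ == '__main__':
    for zone, elems in audit_dynamic_updates(SAMPLE_CONF).items():
        print(f'FINDING {zone}: allow-update permits {elems} without a key')
```

Zones that use `update-policy` instead of `allow-update` are not flagged, because its grant rules match on the identity that signed the update rather than on source address.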