The AIX DHCP client must not send dynamic DNS updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215427 | AIX7-00-003132 | SV-215427r991589_rule | CCI-000366 | medium |
| Description | ||||
| Dynamic DNS updates transmit unencrypted information about a system including its name and address and should not be used unless needed. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Details
Check Text (C-215427r991589_chk)
If AIX does not use DHCP client, this is Not Applicable.
Determine if the system's DHCP client is configured to send dynamic DNS updates:
# grep "^updateDNS" /etc/dhcpc.opt /etc/dhcpcd.ini
If any lines are returned, this is a finding.
Fix Text (F-16623r294733_fix)
Configure the system's DHCP client to not send dynamic DNS updates.
Remove or comment-out "updateDNS" lines from the "/etc/dhcpcd.ini" and "/etc/dhcpc.opt" files.