The DHCP service must not be enabled on an external authoritative name server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-214225 | IDNS-7X-001000 | SV-214225r612370_rule | CCI-000382 | medium |
| Description | ||||
| The site DNS and DHCP architecture must be reviewed to ensure only the appropriate services are enabled on each Grid Member. An external authoritative name server must be configured to allow only authoritative DNS. | ||||
| STIG | Date | |||
| Infoblox 7.x DNS Security Technical Implementation Guide | 2020-12-10 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000382
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-214225r612370_chk)
Navigate to Grid >> Grid Manager >> Services tab.
Select "DHCP" and verify only internal Infoblox members have the service enabled.
If an external authoritative name server has DHCP enabled this is a finding.
Fix Text (F-15438r295939_fix)
Navigate to Data Management >> DHCP >> Members/Servers tab.
Select the Infoblox member using the check box and click "Stop" in the toolbar to disable the "DHCP" service.