The BIND 9.x server implementation must be configured with a channel to send audit records to a local file.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-72393	BIND-9X-001041	SV-87017r1_rule		Low

Description
DNS software administrators require DNS transaction logs for a wide variety of reasons including troubleshooting, intrusion detection, and forensics. Ensuring that the DNS transaction logs are recorded on the local system will provide the capability needed to support these actions.

STIG	Date
BIND 9.x Security Technical Implementation Guide	2019-01-07

Details

Check Text ( C-72597r1_chk )
Verify that the BIND 9.x server is configured to send audit logs to a local log file. Inspect the "named.conf" file for the following: logging { channel local_file_channel { file "path_name" versions 3; print-time yes; print-severity yes; print-category yes; }; category category_name { local_file_channel; }; If a logging channel is not defined for a local file, this is a finding. If a category is not defined to send messages to the local file channel, this is a finding.

Check Text ( C-72597r1_chk )

Verify that the BIND 9.x server is configured to send audit logs to a local log file.

Inspect the "named.conf" file for the following:

logging {
channel local_file_channel {
file "path_name" versions 3;
print-time yes;
print-severity yes;
print-category yes;
};

category category_name { local_file_channel; };

If a logging channel is not defined for a local file, this is a finding.

If a category is not defined to send messages to the local file channel, this is a finding.

Fix Text (F-78749r1_fix)
Edit the "named.conf" file and add the following: logging { channel local_file_channel { file "path_name" versions 3; print-time yes; print-severity yes; print-category yes; }; category category_name { local_file_channel; }; }; Restart the BIND 9.x process.