The BIND 9.x server implementation must not be configured with a channel to send audit records to null.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-207540 | BIND-9X-001017 | SV-207540r612253_rule | Low |
| Description |
|---|
| DNS software administrators require DNS transaction logs for a wide variety of reasons including troubleshooting, intrusion detection, and forensics. Ensuring that the DNS transaction logs are recorded on the local system will provide the capability needed to support these actions. Sending DNS transaction data to the null channel would cause a loss of important data. |
| STIG | Date |
|---|---|
| BIND 9.x Security Technical Implementation Guide | 2021-06-23 |
Details
| Check Text ( C-7795r283674_chk ) |
|---|
| Verify that the BIND 9.x server is not configured to send audit logs to the null channel. Inspect the "named.conf" file for the following: category null { null; } If there is a category defined to send audit logs to the "null" channel, this is a finding. |
| Fix Text (F-7795r283675_fix) |
|---|
| Edit the "named.conf" file. Remove any instance of the following: category null { null; }; Restart the BIND 9.x process. |