A unique TSIG key is not generated and utilized for each type of transaction.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-12440 | DNS0250 | SV-12999r2_rule | DCNR-1 | Low |
| Description |
|---|
| To enable zone transfer (requests and responses) through authenticated messages, it is necessary to generate a key for every pair of name servers. The key also can be used for securing other transactions, such as dynamic updates, DNS queries, and responses. |
| STIG | Date |
|---|---|
| BIND DNS STIG | 2015-10-01 |
Details
| Check Text ( C-8587r1_chk ) |
|---|
| Verify in the named.conf file that the key statement has a unique file name and location depending on transaction type. |
| Fix Text (F-11750r1_fix) |
|---|
| The SA will ensure a new TSIG key is generated and utilized for each type of transaction (zone transfer, dynamic updates, etc) |