The name server’s IP address is NOT statically defined and configured locally on the server. The name server has a DHCP address.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-4478 | DNS0435 | SV-4478r2_rule | ECSC-1 | Medium |
Description
Static IP addresses permit a machine to offer Internet services like web, ftp, DNS, and email. Because a specific, known address is associated with your connection, other machines on the Internet know where to send traffic destined for your server. ACL restrictions at the router and/or firewall are required to protect the DNS server from unauthorized access. Such ACLs require a static IP address to be effective.
STIG Date
BIND DNS STIG 2015-10-01

Details

Check Text ( C-3522r1_chk )
UNIX

Instruction: In the presence of the reviewer, the SA should enter the following command to verify the IP address is not obtained by DHCP. The interface hme0 is used as an example; please confirm the actual interface name:

ifconfig hme0 auto_dhcp status

If “Ifconfig: hme0: interface is not under DHCP control,” is not displayed, then this is a finding.

Please note that the above-mentioned command does not work on every version of UNIX. If it does not work, please use the instruction below.

In the presence of the reviewer, the SA enters the following command while in the /etc directory. The reviewer should ensure the file /etc/dhcp.hme0 is not located on the server.

ls -l

If the file dhcp.hme0 is listed (the interface designation may differ), then this is a finding.

Windows

Instruction: In the presence of the reviewer, the SA should select Start | Run, which will bring up the “Run” dialog box. Type cmd at the command line to bring up the command screen. Enter the following command:

ipconfig /all

If “DHCP Enabled” is not set to “No,” then this is a finding.
Fix Text (F-4363r1_fix)
The SA should configure the name server with an IP address that is statically defined.
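
The file check and the ipconfig review from the Check Text above, scripted as an added example (not part of the STIG). The function names, the sample directory layout and the sample ipconfig text are constructed for illustration, and the parser assumes English-language `ipconfig /all` output saved to a file.

```shell
#!/bin/sh
# UNIX: a dhcp.<interface> file in the config directory (assumed /etc, as in
# the check text) is a finding. Prints each one; returns 1 if any were found.
check_dhcp_files() {
    dir=${1:-/etc}; found=0
    for f in "$dir"/dhcp.*; do
        [ -e "$f" ] || continue            # glob matched nothing
        echo "FINDING: $f exists (interface ${f##*/dhcp.} is under DHCP)"
        found=1
    done
    return "$found"
}

# Windows: review saved `ipconfig /all` output. Any adapter whose
# "DHCP Enabled" value is not "No" is a finding. Returns 1 if any were found.
check_ipconfig_output() {
    awk '
        BEGIN { bad = 0 }
        /^[^ \t\r]/ && /adapter/ { sub(/:[ \t\r]*$/, ""); adapter = $0 }
        /DHCP Enabled/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (val != "No") { print "FINDING: " adapter ": DHCP Enabled = " val; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample data so the example runs offline (not from a real host).
make_sample() {
    sample=$(mktemp -d)
    mkdir "$sample/etc_static" "$sample/etc_dhcp"
    : > "$sample/etc_static/hostname.hme0"; : > "$sample/etc_dhcp/dhcp.hme0"
    printf '%s\r\n' 'Windows IP Configuration' '' \
        'Ethernet adapter Ethernet0:' '' \
        '   DHCP Enabled. . . . . . . . . . . : No' \
        '   IPv4 Address. . . . . . . . . . . : 192.0.2.53(Preferred)' '' \
        'Ethernet adapter Ethernet1:' '' \
        '   DHCP Enabled. . . . . . . . . . . : Yes' > "$sample/ipconfig_all.txt"
    echo "$sample"
}

# Demo on the constructed sample: etc_dhcp and Ethernet1 are reported.
s=$(make_sample)
check_dhcp_files "$s/etc_dhcp" || echo "UNIX check: static IP requirement not met"
check_ipconfig_output "$s/ipconfig_all.txt" || echo "Windows check: static IP requirement not met"
rm -rf "$s"
```

On a real name server, call `check_dhcp_files` with no argument to inspect /etc, and pass `check_ipconfig_output` the file the SA saved from `ipconfig /all`.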