The DNS log archival requirements do not meet or exceed the log archival requirements of the operating system on which the DNS software resides.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-13034	DNS0110	SV-13602r1_rule		Medium

Description
Name servers are dedicated to the DNS function and, as a result, the most critical security and operations events on those name servers will appear in the DNS logs. Different sites may have different policies regarding archival, but the DNS logs should be maintained in an equivalent (or better) manner as the operating system logs. Therefore, if operating system logs are stored for a year, then DNS logs should be stored for at least a year. If operating system logs are written to read-only media, then the DNS logs should be written to read-only media as well.

Description

Name servers are dedicated to the DNS function and, as a result, the most critical security and operations events on those name servers will appear in the DNS logs. Different sites may have different policies regarding archival, but the DNS logs should be maintained in an equivalent (or better) manner as the operating system logs. Therefore, if operating system logs are stored for a year, then DNS logs should be stored for at least a year. If operating system logs are written to read-only media, then the DNS logs should be written to read-only media as well.

STIG	Date
DNS Policy	2016-06-30

Details

Check Text ( C-3355r1_chk )
This check is only applicable if DNS logs are independent from system logs. If the log archival scheme for the DNS logs is weaker than the one for the system logs, then this is a finding.This check is only applicable if DNS logs are independent from system logs. If the log archival scheme for the DNS logs is weaker than the one for the system logs, then this is a finding. Windows DNS log files are normally kept in two locations. The system event logs which can be viewed from Event Viewer found under the Administrative tools from the Start Menu. In addition, debug logging options such as query, notify, and update requirements can be viewed in a file named %systemroot%\system32\dns\dns.log. BIND BIND logging files can be found by viewing the /etc/named.conf file. Within the named.conf will be an option for logging that will display the file path to the log files. In addition, most Unix machines will also log information in the syslog on the system.

Check Text ( C-3355r1_chk )

This check is only applicable if DNS logs are independent from system logs. If the log archival scheme for the DNS logs is weaker than the one for the system logs, then this is a finding.This check is only applicable if DNS logs are independent from system logs. If the log archival scheme for the DNS logs is weaker than the one for the system logs, then this is a finding.

Windows

DNS log files are normally kept in two locations. The system event logs which can be viewed from Event Viewer found under the Administrative tools from the Start Menu. In addition, debug logging options such as query, notify, and update requirements can be viewed in a file named %systemroot%\system32\dns\dns.log.

BIND

BIND logging files can be found by viewing the /etc/named.conf file. Within the named.conf will be an option for logging that will display the file path to the log files. In addition, most Unix machines will also log information in the syslog on the system.

Fix Text (F-4338r1_fix)
Working with appropriate technical and facility personnel, the IAO should implement an archival strategy that is at least as extensive as the current archival operation for operating system logs.