UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must disable use of non-secure protocols.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33961 SRG-NET-000067-DNS-000033 SV-44414r1_rule Medium
Description
In this context an unsecure protocol is one that has not been evaluated and accepted for use as per the Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM). Disabling the use of non-secure protocols is essential to protect the DNS implementation and architecture. If a non-secure protocol is used, it could potentially provide an exploitable path into the DNS infrastructure. As the DNS systems maintain a mapping of IP addresses to host names, this could provide valuable information to an attacker if accessed.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-41971r1_chk )
Review the DNS system against the most recent Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM), as well as vendor documentation and operating system guidance, to determine if non-secure protocols are installed and listening on the DNS system.

If non-secure protocols are in use, this is a finding.
Fix Text (F-37875r1_fix)
Configure the DNS system to ensure the name server software utilizes only secure ports and protocols required for operation which have been accepted for use as per the Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM)..