Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33961 | SRG-NET-000067-DNS-000033 | SV-44414r1_rule | | Medium |
Description |
---|
In this context an unsecure protocol is one that has not been evaluated and accepted for use as per the Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM). Disabling the use of non-secure protocols is essential to protect the DNS implementation and architecture. If a non-secure protocol is used, it could potentially provide an exploitable path into the DNS infrastructure. As the DNS systems maintain a mapping of IP addresses to host names, this could provide valuable information to an attacker if accessed. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Check Text (C-41971r1_chk) |
---|
Review the DNS system against the most recent Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM), as well as vendor documentation and operating system guidance, to determine if non-secure protocols are installed and listening on the DNS system. If non-secure protocols are in use, this is a finding. |
Fix Text (F-37875r1_fix) |
---|
Configure the DNS system to ensure the name server software utilizes only secure ports and protocols required for operation which have been accepted for use as per the Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM). |
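
One way to automate the listening-protocol part of the check text above is shown here as an added example; it is not part of the SRG. It assumes a Linux name server where `ss` (iproute2) is available, and the `APPROVED` set is a placeholder that must be replaced with entries from the current PPSM CAL and vendor documentation.

```python
"""Flag listening sockets on a DNS server that are not on an approved list."""
import subprocess

# ASSUMPTION: placeholder allowlist. The real entries come from the current
# PPSM CAL and vendor documentation; this page does not list them.
APPROVED = {("udp", 53), ("tcp", 53)}

# Constructed sample of `ss -H -tuln` output (not taken from a real system).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      10           0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128             [::]:21            [::]:*
tcp   LISTEN 0      5          127.0.0.1:953        0.0.0.0:*
udp   UNCONN 0      0                  *:69               *:*
"""


def parse_listeners(ss_output):
    """Return a set of (proto, port, local_address) from `ss -H -tuln` output."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # Split on the last colon so IPv6 and scoped addresses keep their colons.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.add((fields[0], int(port), addr))
    return listeners


def findings(ss_output, approved=APPROVED):
    """Return listeners whose (proto, port) is not approved, sorted for stable output."""
    return sorted(l for l in parse_listeners(ss_output) if (l[0], l[1]) not in approved)


def live_ss_output():
    """Collect the same data from the running host (Linux with iproute2 assumed)."""
    result = subprocess.run(["ss", "-H", "-tuln"], capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE_SS for live_ss_output() to review the local system.
    for proto, port, addr in findings(SAMPLE_SS):
        print(f"FINDING: {proto}/{port} listening on {addr} is not on the approved list")
```

Each reported listener still needs a manual decision: either it is justified and added to the approved list with a reference to the CAL entry, or the service is disabled as the fix text requires.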