The DNS implementation must produce log records containing sufficient information to establish the sources of the events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33978 | SRG-NET-000077-DNS-000037 | SV-44431r1_rule | Medium |
| Description |
|---|
| Auditing and logging are key components of any security architecture. Without information establishing the source of activity, the value of audit records from a forensics perspective is questionable. In order to establish and correlate the series of events leading up to an outage or attack, it is imperative the source or originator of the log record is recorded in all audit trails. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-41982r1_chk ) |
|---|
| Review the DNS server configuration to determine if the source of the events is a configurable option within the audit/logging utility and it is being captured and stored. If the DNS is not configured to capture and store the source of an event, this is a finding. |
| Fix Text (F-37893r1_fix) |
|---|
| Configure the DNS server to produce log records which indicate the source of the events. Additionally, configure the audit facility of the DNS system to provide information to establish the source of events. |