
The DNS implementation must support the requirement to centrally manage the content of audit records generated by DNS components.


Overview

Finding ID: V-33982
Version: SRG-NET-000081-DNS-000040
Rule ID: SV-44435r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Auditing and logging are key components of any security architecture. Centrally managing audit data provides for easier management of DNS events and is an effective facility for monitoring and the automatic generation of alert notifications. The repository of audit data can facilitate troubleshooting when problems are encountered and can assist in performing root cause analysis. A repository of audit data can also be correlated in real time to identify suspicious behavior or be archived for review at a later time for research and analysis. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. If auditing is not comprehensive and managed effectively, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-41986r1_chk)
Review the DNS system configuration to determine if audit record content is sent to a centralized audit log repository. If the DNS system is not configured to support centralized logging and auditing, this is a finding.
Fix Text (F-37897r1_fix)
Configure the DNS server to send generated log records to a centralized logging facility.

Additionally, configure the audit facility of the DNS system to send audit records to a centralized audit facility.
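
One way to automate the check text above, as an added example that is not part of the SRG: it lists the logging categories whose records never reach a forwarded syslog facility. The SRG names no product, so BIND 9 named.conf syntax, rsyslog legacy forwarding rules, the sample configurations and the host loghost.example are all assumptions constructed for illustration.

```python
import re

# Constructed sample inputs; BIND 9 and rsyslog syntax are assumptions, not from the SRG.
NAMED_CONF = """
logging {
    channel central_syslog { syslog daemon; severity info; };
    channel local_file { file "/var/log/named/query.log"; severity info; };
    category default  { central_syslog; local_file; };
    category security { central_syslog; };
    category queries  { local_file; };  // never leaves the server
};
"""
RSYSLOG_CONF = """
# forward the daemon facility to the central collector over TCP
daemon.*  @@loghost.example:514
"""

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out settings are ignored."""
    return re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S))

def syslog_channels(named_conf):
    """Map each channel that writes to syslog to its facility."""
    found = {"default_syslog": "daemon"}  # BIND built-in channel
    blocks = re.findall(r"channel\s+(\S+)\s*\{(.*?)\}", strip_comments(named_conf), flags=re.S)
    for name, body in blocks:
        m = re.search(r"\bsyslog(?:\s+(\w+))?\s*;", body)
        if m:
            found[name] = m.group(1) or "daemon"  # bare "syslog;" means daemon
    return found

def category_channels(named_conf):
    """Map each logging category to the channels it is routed to."""
    blocks = re.findall(r"category\s+(\S+)\s*\{(.*?)\}", strip_comments(named_conf), flags=re.S)
    cats = {cat: body.replace(";", " ").split() for cat, body in blocks}
    cats.setdefault("default", ["default_syslog", "default_debug"])  # BIND default
    return cats

def forwarded_facilities(rsyslog_conf):
    """Facilities with a legacy-syntax remote action (@host UDP, @@host TCP)."""
    rules = re.findall(r"^(\S+)[ \t]+(@@?[^\s]+)", strip_comments(rsyslog_conf), flags=re.M)
    return {part.split(".")[0]: target for sel, target in rules for part in sel.split(";")}

def local_only_categories(named_conf, rsyslog_conf):
    """Categories whose records never reach a forwarded syslog facility."""
    channels, fwd = syslog_channels(named_conf), forwarded_facilities(rsyslog_conf)
    return sorted(cat for cat, chans in category_channels(named_conf).items()
                  if not any(channels.get(c) in fwd or (c in channels and "*" in fwd)
                             for c in chans))
```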