The DNS implementation logging facility must be configured to reduce the likelihood of log record capacity being exceeded.


Overview

Finding ID: V-33984
Version: SRG-NET-000083-DNS-000042
Rule ID: SV-44437r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The DNS implementation needs to be cognizant of potential audit log storage capacity issues. During installation and/or configuration, the DNS implementation should determine whether adequate storage capacity has been allocated for audit logs and bound log generation accordingly. If audit record storage capacity is exceeded, audit records may be overwritten or not captured at all, and a system configured to halt on audit failure may shut down.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-41988r1_chk)
Review the DNS system configuration settings to determine whether logging is configured to produce logs consistent with the amount of space allocated for logging.

If log files are configured as round-robin and the allocated amount of space configured for logging is adequate to ensure an organization defined period of data collection before overwrite occurs, this is not a finding.

If auditing is configured to generate logs in excess of the capacity allocated, this is a finding.
Fix Text (F-37899r1_fix)
Configure the DNS system to generate logs that will not exceed the logging capacity as allocated to support the auditing function.

The use of round-robin logs of sufficient size to ensure an organization defined period of data collection before overwrite occurs is allowed.
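The check and fix above reduce to one arithmetic question per log file: what is the most space a channel can ever occupy, and does the sum fit in the space allocated? As an added example (not part of the STIG text, and not a DISA tool), the following Python script answers that question for a BIND 9 named.conf logging stanza. BIND is assumed as the DNS implementation; the channel names, paths, size/versions values and the 1 GiB allocation are constructed for illustration. The capacity semantics the script applies are BIND 9's documented behaviour: with both `size` and `versions`, the live file plus that many rolled copies can each reach `size` (the round-robin case the fix text allows); with `size` but no `versions` the file is capped but never rolled, and named stops writing once it fills (records not captured); with no `size` the file grows until the next reload.

```python
import re

# Constructed BIND 9 named.conf logging stanzas for this demonstration (not taken
# from any real deployment); channel names, paths and values are illustrative.
NONCOMPLIANT_CONF = """
logging {
    channel queries_log {
        file "/var/log/named/queries.log" versions 5 size 20m;
        severity info;
    };
    channel security_log {
        file "/var/log/named/security.log" versions 10 size 50m;
        severity info;
    };
    channel debug_log {
        file "/var/log/named/debug.log";
        severity dynamic;
    };
    channel xfer_log {
        file "/var/log/named/xfer.log" size 5m;
    };
    category queries { queries_log; };
    category security { security_log; };
    category xfer-in { xfer_log; };
};
"""
COMPLIANT_CONF = """
logging {
    channel queries_log { file "/var/log/named/queries.log" versions 5 size 20m; };
    channel security_log { file "/var/log/named/security.log" versions 10 size 50m; };
    category queries { queries_log; };
    category security { security_log; };
};
"""

UNITS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
CHANNEL_RE = re.compile(r"channel\s+(\S+)\s*\{(.*?)\};", re.S)
FILE_RE = re.compile(r'file\s+"([^"]+)"([^;]*);')


def parse_size(token):
    """Convert a BIND size token ('20m', '500K', 'unlimited') to bytes; None means unbounded."""
    token = token.lower()
    if token in ("unlimited", "default"):
        return None
    m = re.fullmatch(r"(\d+)([kmg])?", token)
    if not m:
        raise ValueError("unrecognised size token: " + token)
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def parse_channels(conf):
    """Yield (name, path, versions, size_bytes) for every file-backed channel.
    versions: int, float('inf') for 'unlimited', or None when not given.
    size_bytes: int, or None when absent or 'unlimited'."""
    for name, body in CHANNEL_RE.findall(conf):
        f = FILE_RE.search(body)
        if not f:
            continue  # syslog/stderr/null channels consume no log-file space
        path, opts = f.group(1), f.group(2)
        versions = size = None
        v = re.search(r"versions\s+(\S+)", opts)
        if v:
            versions = float("inf") if v.group(1).lower() == "unlimited" else int(v.group(1))
        s = re.search(r"size\s+(\S+)", opts)
        if s:
            size = parse_size(s.group(1))
        yield name, path, versions, size


def worst_case_bytes(versions, size):
    """Upper bound on disk consumed by one channel, or None if unbounded (BIND 9 semantics:
    live file plus 'versions' rolled copies, each up to 'size'; 'size' alone caps the file
    without rolling; no 'size' or 'versions unlimited' means no bound)."""
    if size is None or versions == float("inf"):
        return None
    if versions is None:
        return size
    return size * (versions + 1)


def assess(conf, allocated_bytes):
    """Return (findings, total_bound): findings are human-readable problems; total_bound is
    the summed worst-case footprint of all file channels, or None if any is unbounded."""
    findings, total, unbounded = [], 0, False
    for name, path, versions, size in parse_channels(conf):
        bound = worst_case_bytes(versions, size)
        if bound is None:
            unbounded = True
            findings.append(f"{name}: {path} can grow without limit (no size, or versions unlimited)")
            continue
        total += bound
        if versions is None:
            findings.append(f"{name}: {path} is capped at {size} bytes but never rolled; "
                            "records are dropped once it fills")
    if not unbounded and total > allocated_bytes:
        findings.append(f"worst-case footprint {total} bytes exceeds the {allocated_bytes} bytes allocated")
    return findings, (None if unbounded else total)


if __name__ == "__main__":
    for label, conf in (("non-compliant", NONCOMPLIANT_CONF), ("compliant", COMPLIANT_CONF)):
        print(label, assess(conf, 1024 ** 3))  # assumes 1 GiB allocated to DNS logs
```

Run against the constructed stanzas, the non-compliant one reports debug_log as unbounded (a finding under the check text) and xfer_log as capped but never rolled (bounded on disk, but records stop being captured, the failure mode the description warns about); the compliant one has a worst-case footprint of 120 MiB + 550 MiB, which is then compared with the allocation. Whether that footprint also covers the organization-defined retention period is a rate question (bytes of log per day against the bound) that the script leaves to the reviewer.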