
The DNS implementation must enforce configurable traffic volume thresholds representing auditing capacity for network traffic to be logged.


Overview

Finding ID: V-33987
Version: SRG-NET-000086-DNS-000045
Rule ID: SV-44440r1_rule
IA Controls:
Severity: Medium
Description
It is critical that, when a system is at risk of failing to process audit logs as required, actions are automatically taken to mitigate the failure or risk of failure. One method attackers use to thwart the auditing system is to overwhelm it with large amounts of irrelevant data. The end result is either audit logs that are overwritten, erasing the recorded activity, or disk space that is exhausted, so that future activity is no longer logged. If the system configuration does not allocate the auditing system to a separate disk space or configure appropriate capacity values, this may result in a system outage, creating a denial of service to the network services utilizing the DNS.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-41991r1_chk)
Review the DNS vendor documentation to determine whether the DNS implementation is capable of enforcing configurable traffic volume thresholds.

If the DNS implementation is capable of enforcing configurable traffic volume thresholds based on the configured audit capacity, review the DNS system configuration to determine whether enforcement is enabled.

If enforcement of configurable traffic volume thresholds is not enabled, this is a finding.

If the DNS implementation is not capable of enforcing configurable traffic volume thresholds or if enforcement of configurable traffic volume thresholds is not enabled, this is a finding.
Fix Text (F-37902r1_fix)
Configure the DNS system to enforce the configurable traffic volume thresholds based upon the auditing capacity values.

If the DNS implementation is not capable of enforcing traffic volume, implement a DNS which is capable of enforcing configurable traffic volume thresholds.