UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must provide an audit reduction capability.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34034 SRG-NET-000093-DNS-000050 SV-44487r1_rule Medium
Description
Due to the numerous functions a DNS implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, more log data is collected. This can become very difficult to analyze manually; therefore, it is important to process them automatically and tailor the views of the data to only those events of interest based upon selectable criteria. Without the automation of log processing, based upon events of interest to security personnel, log files will not be viewed accurately and actions will not be taken when a significant event occurs on the system because it can be too overwhelming. Significant or meaningful events may be missed due to the sheer volume of data if logs are reviewed manually. Reducing the auditing capability to only those events that are significant aids in supporting near real-time audit review and analysis requirements and after-the-fact investigations of security incidents.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42002r1_chk )
Review the DNS system configuration for audit reduction capabilities. If the DNS server does not have an audit reduction capability, it must be provided by the underlying platform. If neither the DNS implementation, nor underlying platform on which it resides, provides the capability for audit log reduction, this is a finding.
Fix Text (F-37950r1_fix)
Configure the DNS system to utilize an audit log reduction capability, or to utilize a separate tool, or host system, to provide audit reduction.