
The DNS implementation must provide a report generation capability.


Overview

Finding ID: V-34035
Version: SRG-NET-000094-DNS-000051
Rule ID: SV-44488r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Because of the numerous functions a DNS implementation processes, log files can become extremely large. The more processes that are logged, the more log data is collected. This volume can be very difficult to analyze manually; therefore, it is important to process logs automatically, tailor the views of the data to only those events of interest based upon selectable criteria, and provide a report generation capability. Without automated log processing based upon events of interest to security personnel, log files will not be viewed accurately and actions will not be taken when a significant event occurs on the system, because the volume can be too overwhelming. Significant or meaningful events may be missed due to the sheer volume of data if logs are reviewed or generated manually. Reducing the auditing capability to only those events that are significant and providing a report generation capability aids in supporting near real-time audit review and analysis requirements and after-the-fact investigations of security incidents. In order to identify and report on what (repetitive) data has been removed via the use of audit reduction, the DNS implementation must provide a capability to generate reports containing what values were removed by the audit reduction.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text (C-42003r1_chk)
Review the DNS system configuration for report generation, specific to audit reduction capabilities. If the DNS server does not have a report generation capability for audit reduction, it must be provided by a separate application or the underlying platform. If neither the DNS implementation nor the underlying platform on which it resides provides the capability for audit log reduction, this is a finding.
Fix Text (F-37951r1_fix)
Ensure the DNS implementation has the capability to generate audit log reports, or to utilize a separate tool, or host system, to provide audit reduction.
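
The following is an added example, not part of the STIG or of any DNS product, showing the behaviour the requirement describes: audit reduction by a selectable criterion together with a report of exactly which values the reduction removed. The log layout, field names and the `significant` criterion are assumptions constructed for illustration; a real DNS server's log format will differ.

```python
from collections import Counter

# Constructed sample lines in an assumed "time client qname qtype rcode" layout.
SAMPLE_LOG = """\
2012-10-24T10:00:01Z 10.0.0.5 www.example.com A NOERROR
2012-10-24T10:00:02Z 10.0.0.5 www.example.com A NOERROR
2012-10-24T10:00:03Z 10.0.0.7 www.example.com A NOERROR
2012-10-24T10:00:04Z 10.0.0.9 example.com AXFR REFUSED
2012-10-24T10:00:05Z 10.0.0.5 www.example.com A NOERROR
2012-10-24T10:00:06Z 10.0.0.9 nohost.example.com A NXDOMAIN
2012-10-24T10:00:07Z 10.0.0.9 example.com AXFR REFUSED
this line is malformed
"""
FIELDS = ("time", "client", "qname", "qtype", "rcode")

def parse(text):
    """Split log text into event dicts; malformed lines are kept, not dropped."""
    events, rejects = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            events.append(dict(zip(FIELDS, parts)))
        elif line.strip():
            rejects.append(line)
    return events, rejects

def significant(ev):
    """Assumed criterion of interest: any failure, or any zone transfer attempt."""
    return ev["rcode"] != "NOERROR" or ev["qtype"] == "AXFR"

def reduce_audit(events, of_interest):
    """Keep events matching the criterion and tally every value that is removed."""
    kept, removed = [], Counter()
    for ev in events:
        if of_interest(ev):
            kept.append(ev)
        else:
            removed[(ev["client"], ev["qname"], ev["qtype"], ev["rcode"])] += 1
    return kept, removed

def removal_report(removed, rejects):
    """Report what the reduction removed, so nothing disappears silently."""
    lines = [f"removed {n}x client={c} qname={q} qtype={t} rcode={r}"
             for (c, q, t, r), n in sorted(removed.items())]
    return lines + [f"unparsed: {ln}" for ln in rejects]

if __name__ == "__main__":
    events, rejects = parse(SAMPLE_LOG)
    kept, removed = reduce_audit(events, significant)
    print("\n".join(removal_report(removed, rejects)))
```

The kept events plus the removal counts always add up to the number of parsed events, which lets a reviewer confirm the reduction accounted for every record.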