The DNS implementation must provide the capability to automatically process log records for events of interest based upon selectable criteria.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34036 | SRG-NET-000095-DNS-000052 | SV-44489r1_rule | Medium |
| Description |
|---|
| Due to the numerous functions a DNS implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, more log data is collected. This can become very difficult to analyze manually; therefore, it is important to process them automatically and tailor the views of the data to only those events of interest based upon selectable criteria. Without the automation of log processing, based upon events of interest to security personnel, log files will not be viewed accurately and actions will not be taken when a significant event occurs on the system because it can be too overwhelming. Significant or meaningful events may be missed due to the sheer volume of data if logs are reviewed manually. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42004r1_chk ) |
|---|
| Review the DNS audit capability configuration to determine whether it provides the ability to automatically process audit records for events based on selectable event criteria. If the ability to automatically process audit records for events based on selectable event criteria does not exist in the DNS implementation, this is a finding. |
| Fix Text (F-37952r1_fix) |
|---|
| Ensure the DNS implementation has the capability to automatically process log records for events of interest based upon selectable criteria. |