The DNS implementation must use internal system clocks to generate time stamps for audit records.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34037	SRG-NET-000096-DNS-000053	SV-44490r1_rule		Medium

Description
Determining the correct time a particular event occurred within the DNS architecture is critical when conducting forensic analysis and investigating system events. Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the DNS implementation. If an event has been triggered on the network, and the DNS is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple DNS systems. Determining the correct time a particular event occurred on a system, via time stamps, is critical when conducting forensic analysis and investigating system events.

Description

Determining the correct time a particular event occurred within the DNS architecture is critical when conducting forensic analysis and investigating system events. Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the DNS implementation. If an event has been triggered on the network, and the DNS is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple DNS systems. Determining the correct time a particular event occurred on a system, via time stamps, is critical when conducting forensic analysis and investigating system events.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42005r1_chk )
Review the DNS configuration to determine if audit logs are being generated with time stamps derived from the underlying internal system. If time stamps on audit logs are based on something other than the system clock or a DNS clock synchronized with the system clock, this is a finding.

Fix Text (F-37953r1_fix)
Configure the DNS implementation to use internal system clocks to generate time stamps for audit records.