The DNS implementation must limit privileges to change software resident within software libraries, including privileged programs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34067	SRG-NET-000123-DNS-000074	SV-44520r1_rule		Medium

Description
Any changes to the software components of the DNS implementation can potentially have significant effects on the overall security and functionality of the system. Therefore, only qualified and authorized individuals should be allowed to obtain access to the DNS software resident within the software libraries. If the DNS system were to enable non-authorized users to make changes to software libraries, those changes could be implemented without undergoing the appropriate testing, validation, and approval, as well as lead to system degradation and denial of service.

Description

Any changes to the software components of the DNS implementation can potentially have significant effects on the overall security and functionality of the system. Therefore, only qualified and authorized individuals should be allowed to obtain access to the DNS software resident within the software libraries. If the DNS system were to enable non-authorized users to make changes to software libraries, those changes could be implemented without undergoing the appropriate testing, validation, and approval, as well as lead to system degradation and denial of service.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42033r1_chk )
Review the DNS access control restrictions and permissions configured for the DNS software libraries and privileged programs. The permissions on the software library and privileged program files must be limited to authorized, documented administrators only. If excessive permissions are configured for the software library files, this is a finding.

Fix Text (F-37981r1_fix)
Configure the DNS implementation to limit privileges to change software resident within software libraries, including privileged programs.