
The DNS implementation must be configured to prohibit or restrict the use of organization defined functions, ports, protocols, and services.


Overview

Finding ID: V-34075
Version: SRG-NET-000132-DNS-000076
Rule ID: SV-44528r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Unneeded services and processes provide additional threat vectors and avenues of attack to the information system. DNS is a highly critical component of the network architecture, and it must be configured to use only those ports, protocols, and services (PPS) necessary to support DNS functionality; all others must be expressly disabled or removed.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text (C-42041r1_chk)
Review the DNS system configuration to ensure it only utilizes those PPS required for operation. All other PPS must be disabled or removed from the DNS implementation. Refer to the PPSM Category Assurance List from DISA (PPSM) for the latest DoD PPS guidance. If the DNS implementation utilizes unauthorized ports or services, this is a finding.
Fix Text (F-37989r1_fix)
Configure the DNS implementation to prohibit or restrict the use of organization defined functions, ports, protocols, and services to only those required for the DNS implementation. Remove or delete unauthorized PPS.