The DNS server must authenticate an organization defined list of specific devices by device type before establishing a connection.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34099 | SRG-NET-000148-DNS-000089 | SV-44552r1_rule | Medium |
| Description |
|---|
| A DNS server must have a level of trust with any device that has a need to connect to it. The DNS system must allow only devices that are included in an organizational defined list to connect. This may be implemented through the use of MAC or IP addresses ACLs to verify the device attempting to access the DNS system. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42058r1_chk ) |
|---|
| Review the DNS server configuration to verify only known devices from an organization defined list are allowed to establish connections. If devices not included in the organization defined list are allowed to connect, this is a finding. |
| Fix Text (F-38009r1_fix) |
|---|
| Configure the DNS server to ensure only known devices from an organization defined list are allowed to establish connections. |