
The DNS server must authenticate devices before establishing remote network connections using bidirectional authentication between cryptographically based devices.


Overview

Finding ID: V-34100
Version: SRG-NET-000149-DNS-000090
Rule ID: SV-44553r1_rule
IA Controls: (none listed)
Severity: Medium
Description
A DNS server must have a level of trust with any other device wanting to connect to it. To safeguard these connections, it is imperative that any device connecting to a DNS system from a remote network authenticate itself prior to being granted access. In the case of peering neighbors, the authentication must be bidirectional. Regardless of the paradigm, authentication must use a form of cryptography to ensure a high level of trust and authenticity.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text (C-42059r1_chk)
Review the DNS server configuration to verify zone transfer connections are cryptographically authenticated.

If connections are not cryptographically authenticated, this is a finding.
Fix Text (F-38010r1_fix)
Configure the DNS server to ensure zone transfer connections are cryptographically authenticated.
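
One way to automate the check above, as an added example that is not part of the SRG: it assumes a BIND 9 style named.conf in which zone transfers are authenticated with TSIG keys referenced from allow-transfer, and it reports every zone whose transfer list is absent or contains anything other than a key reference. The zone names, key name, secret and address are constructed; view-level settings are not resolved, so zones that rely on them are reported for manual review.

```python
import re

# Constructed sample in BIND 9 named.conf syntax (assumed product; the SRG is vendor-neutral).
SAMPLE_CONF = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER=="; };
options { directory "/var/named"; };
zone "good.example"   { type primary; allow-transfer { key "xfer-key"; }; };
zone "iponly.example" { type primary; allow-transfer { 192.0.2.53; }; };  // address only
zone "mixed.example"  { type primary; allow-transfer { key "xfer-key"; 192.0.2.53; }; };
zone "unset.example"  { type primary; };
'''
KEY_ELEM = re.compile(r'^key\s+"?[\w.-]+"?$')  # a TSIG key reference

def strip_comments(text):
    # Match quoted strings first so "//" inside a base64 secret is not taken as a comment.
    pat = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text, flags=re.S)

def block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == '{') - (text[i] == '}')
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Elements of the first allow-transfer list in body, or None if absent."""
    m = re.search(r'\ballow-transfer\b[^{;]*\{', body)
    if not m:
        return None
    return [e.strip() for e in block_body(body, m.end() - 1).split(';') if e.strip()]

def audit(conf):
    """Map zone name -> reasons its transfers are not provably key-authenticated."""
    text = strip_comments(conf)
    opt = re.search(r'\boptions\s*\{', text)
    default_acl = transfer_acl(block_body(text, opt.end() - 1)) if opt else None
    findings = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        acl = transfer_acl(block_body(text, m.end() - 1))
        acl = default_acl if acl is None else acl  # zone setting overrides options
        # First match wins, so an address element admits a peer that presents no key.
        weak = ["no explicit allow-transfer"] if acl is None else [
            e for e in acl if e != "none" and not KEY_ELEM.match(e)]
        if weak:
            findings[m.group(1)] = weak
    return findings
```

Calling `audit()` on the text of the server's configuration returns an empty mapping when every zone restricts transfers to key references; each entry it does return corresponds to a finding under the check text.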