
The DNS server must authenticate devices before establishing network connections using bidirectional authentication between cryptographically based devices.


Overview

Finding ID: V-34102
Version: SRG-NET-000151-DNS-000091
Rule ID: SV-44555r1_rule
IA Controls:
Severity: Medium
Description
A DNS server must have a level of trust with any node wanting to connect to it. To safeguard these connections, it is imperative that any device connecting to a DNS system from the network authenticate itself prior to being granted access. In the case of peering neighbors, the authentication must be bidirectional. Regardless of the paradigm, authentication must use a form of cryptography to ensure a high level of trust and authenticity.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42061r1_chk)
Review the DNS server configuration to verify zone transfer connections are cryptographically authenticated.

If connections are not cryptographically authenticated, this is a finding.
Fix Text (F-38012r1_fix)
Configure the DNS server to ensure zone transfer connections are cryptographically authenticated.
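
One way to automate the check above, as an added example that is not part of the SRG: it assumes the server is BIND 9 (the SRG names no product) and treats a primary zone as compliant only when every allow-transfer element is a TSIG key. The sample configuration, zone names, address and key name are constructed.

```python
import re

# Constructed sample named.conf (BIND 9 syntax assumed); all names are made up.
SAMPLE_CONF = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64-SECRET"; };
zone "example.com" { type primary; file "example.com.db";
    allow-transfer { key "xfer-key"; }; };
zone "example.net" { type primary; file "example.net.db";
    allow-transfer { 192.0.2.53; }; };   # address-only ACL, no cryptographic check
zone "example.org" { type primary; file "example.org.db"; };
'''

ACL_RE = re.compile(r'allow-transfer\s*\{')

def _block(text, start):
    """Return the body of the brace-delimited block opening at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces")

def _acl(body):
    """Return the allow-transfer list inside a block body, or None if absent."""
    m = ACL_RE.search(body)
    return _block(body, m.end() - 1) if m else None

def audit_zone_transfers(conf):
    """Map each primary zone to a finding string, or None when key-only."""
    conf = re.sub(r'(?m)(^|\s)(#|//).*$', '', conf)  # drop line comments
    opts = re.search(r'\boptions\s*\{', conf)
    default = _acl(_block(conf, opts.end() - 1)) if opts else None
    results = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = _block(conf, m.end() - 1)
        if not re.search(r'\btype\s+(primary|master)\s*;', body):
            continue
        acl = _acl(body)
        acl = default if acl is None else acl  # zone inherits options-level ACL
        if acl is None:
            results[m.group(1)] = "no allow-transfer ACL set"
            continue
        elems = [e.strip() for e in acl.split(';') if e.strip()]
        # Named ACLs are not resolved here, so they are reported (conservative).
        bad = [e for e in elems if e != 'none' and not re.match(r'key\s', e)]
        results[m.group(1)] = "non-key elements: " + ", ".join(bad) if bad else None
    return results
```

A non-None value for any zone corresponds to a finding under the check text; review named ACLs and nested address lists by hand, since the script reports them rather than expanding them.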