The DNS server must authenticate devices before establishing network connections using bidirectional authentication between cryptographically based devices.


Overview

Finding ID: V-34102
Version: SRG-NET-000151-DNS-000091
Rule ID: SV-44555r1_rule
IA Controls: (none listed)
Severity: Medium
Description
A DNS server must have a level of trust with any node wanting to connect to it. To safeguard these connections, it is imperative that any device connecting to a DNS system from the network authenticate itself prior to being granted access. In the case of peering neighbors, the authentication must be bidirectional. Regardless of the paradigm, authentication must use a form of cryptography to ensure a high level of trust and authenticity.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42061r1_chk)
Review the DNS server configuration to verify zone transfer connections are cryptographically authenticated.

If connections are not cryptographically authenticated, this is a finding.
Fix Text (F-38012r1_fix)
Configure the DNS server to ensure zone transfer connections are cryptographically authenticated.
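
One way to automate the check above, as an added example that is not part of the SRG. It assumes a BIND 9 server using TSIG keys for zone transfers (the SRG names no product); the sample configuration, zone names and key name are constructed.

```python
import re

# Constructed sample in BIND 9 named.conf syntax (assumed server, not from the SRG).
SAMPLE_CONF = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64=="; };
zone "good.example" { type primary; file "good.db";
    allow-transfer { key "xfer-key"; }; };
zone "mixed.example" { type primary; file "mixed.db";
    allow-transfer { key "xfer-key"; 192.0.2.53; }; };  // IP also admits unsigned requests
zone "weak.example" { type primary; file "weak.db";
    allow-transfer { 192.0.2.53; }; };
zone "closed.example" { type primary; file "closed.db";
    allow-transfer { none; }; };
zone "unset.example" { type primary; file "unset.db"; };
'''

# Quoted strings are matched first so comment markers inside them are kept.
_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def block_after(text, start):
    """Return the contents of the first balanced { } block at or after start."""
    open_at, depth = text.index('{', start), 0
    for i in range(open_at, len(text)):
        depth += (text[i] == '{') - (text[i] == '}')
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def audit_zone_transfers(conf):
    """Map each zone whose transfers are not purely key-authenticated to a reason."""
    conf, findings = strip_comments(conf), {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_after(conf, m.end())
        acl = re.search(r'\ballow-transfer\b', body)
        if not acl:
            findings[m.group(1)] = 'no allow-transfer in zone; inherits options/server default'
            continue
        entries = [e.strip() for e in block_after(body, acl.end()).split(';') if e.strip()]
        # Any entry other than "key <name>" or "none" matches by address, not by signature.
        weak = [e for e in entries if not re.match(r'(key\s+\S+|none)$', e)]
        if weak:
            findings[m.group(1)] = 'not key-authenticated: ' + ', '.join(weak)
    return findings

if __name__ == '__main__':
    for zone, reason in audit_zone_transfers(SAMPLE_CONF).items():
        print(f'FINDING {zone}: {reason}')
```

Named ACLs are reported as findings because the script does not resolve them; review those by hand.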