
The DNS implementation must invoke a shutdown of the DNS service in the event of an audit failure unless an alternative audit capability exists.


Overview

Finding ID: V-34122
Version: SRG-NET-000171-DNS-000108
Rule ID: SV-44575r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Auditing and logging are key components of the DNS architecture. For security personnel to compile an accurate risk assessment, they must know what is being performed on the system, where and when each event occurred, and who triggered it. When the DNS is at risk of failing to process audit logs as required, it is critical that it take action to mitigate the failure. If the system were to continue processing without auditing enabled, actions and events could take place on the system that cannot be tracked and recorded for later forensic analysis.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42082r1_chk)
Review the DNS audit configuration to determine if the system is configured to shut down upon audit failure if no other means of audit is in place. If the system is not configured to shut down upon audit failure, this is a finding.
Fix Text (F-38032r1_fix)
Configure the DNS implementation to invoke a shutdown of the DNS service in the event of an audit failure, unless an alternative audit capability exists.
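An added example, not part of the STIG and not any DNS vendor's code, of how the check and fix above can be implemented as a POSIX shell watchdog: it probes whether the primary audit log can still be written, accepts a verified alternative audit sink as the permitted exception, and stops the DNS service only when neither is available. The log path, the alternative-sink check command and the service stop command are assumptions supplied through environment variables.

```shell
#!/bin/sh
# Constructed audit-failure watchdog for a DNS service (hypothetical; not from the STIG).
# Decision rule: primary audit log unwritable AND no verified alternative audit sink
# => stop the DNS service, as the control requires.

AUDIT_LOG="${AUDIT_LOG:-/var/log/named/audit.log}"    # assumed audit log path
ALT_AUDIT_CMD="${ALT_AUDIT_CMD:-false}"                # assumed: exits 0 only when an alternate sink is live
DNS_STOP_CMD="${DNS_STOP_CMD:-systemctl stop named}"   # assumed service stop command

# Append a timestamped probe record to the audit log; succeeds only if the write lands.
audit_write_ok() {
    printf '%s audit-probe\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$1" 2>/dev/null
}

# Print the action to take: "continue" or "shutdown".
# $1 = audit log path, $2 = command that exits 0 when an alternative audit capability exists
audit_failure_action() {
    log="$1"; alt_cmd="$2"
    if audit_write_ok "$log"; then
        echo continue; return 0
    fi
    # Primary audit path failed; the STIG allows continuing only with a working alternative.
    if sh -c "$alt_cmd" >/dev/null 2>&1; then
        echo continue; return 0
    fi
    echo shutdown
}

main() {
    case "$(audit_failure_action "$AUDIT_LOG" "$ALT_AUDIT_CMD")" in
        shutdown)
            logger -p daemon.crit "DNS audit failure with no alternative audit sink; stopping DNS service" 2>/dev/null
            sh -c "$DNS_STOP_CMD" ;;
        *)
            : ;;  # audit capability intact; nothing to do
    esac
}

# Only act when invoked with --run, so the functions can be sourced and tested safely.
[ "${1:-}" = "--run" ] && main
```

Run it from cron or a systemd timer with `--run`; the probe record it appends also serves as evidence that the audit path was exercised at that time.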