Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DNS implementation must protect against or limits the effects of Denial of Service (DoS) attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34140 | SRG-NET-000191-DNS-000117 | SV-44593r1_rule | Medium |
| Description |
|---|
| A denial of service (DoS) attack against the DNS infrastructure has the potential to cause a denial of service to all network users. As the DNS is a distributed backbone service of the Internet, various forms of attacks resulting in DoS, are still prevalent on the Internet today. Without the DNS, users and systems would not have the ability to perform simple name to IP resolution. Configuring the DNS server to defend against cache poisoning, employing increased capacity and bandwidth, building redundancy into the DNS architecture, the use of ""authoritative-only"" name servers, limiting and securing recursive services and TCP concurrent clients, etc., may reduce the susceptibility to some DoS attacks. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42100r1_chk ) |
|---|
| Review the DNS server to determine if it is configured to protect against and limit the effects of DoS attacks. If the DNS is not configured to limit DoS attacks, this is a finding. |
| Fix Text (F-38050r1_fix) |
|---|
| Configure the DNS server to protect against or limit the effects of DoS attacks. |