The network element must employ automated mechanisms to enforce strict adherence to protocol format.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34149	SRG-NET-000200-DNS-NA	SV-44602r1_rule		Medium

Description
Crafted packets not conforming to Institute of Electrical and Electronics Engineers (IEEE) standards can be used by malicious people to exploit a host's protocol stack to create a Denial of Service (DoS) or force a device reset, bypass security gateway filtering, or compromise a vulnerable device. It is imperative these packets are recognized and discarded at the network perimeter. Protocol enforcement is not a function of DNS.

Description

Crafted packets not conforming to Institute of Electrical and Electronics Engineers (IEEE) standards can be used by malicious people to exploit a host's protocol stack to create a Denial of Service (DoS) or force a device reset, bypass security gateway filtering, or compromise a vulnerable device. It is imperative these packets are recognized and discarded at the network perimeter. Protocol enforcement is not a function of DNS.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42109r1_chk )
This is not a function of DNS.

Fix Text (F-38059r1_fix)
This requirement is NA for DNS. No fix required.