The network element must monitor and control traffic at both the external and internal boundary interfaces.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34155	SRG-NET-000205-DNS-NA	SV-44608r1_rule		Medium

Description
Audit logs are necessary to provide a trail of evidence in case the network is compromised. With this information, the network administrator can devise ways to block the attack and possibly identify and prosecute the attacker. Information supplied by log data is used for forensic analysis in support of incident, as well as to aid with normal traffic analysis. It is imperative all inbound and outbound blocked traffic be logged. Boundary protection is not a function of DNS.

Description

Audit logs are necessary to provide a trail of evidence in case the network is compromised. With this information, the network administrator can devise ways to block the attack and possibly identify and prosecute the attacker. Information supplied by log data is used for forensic analysis in support of incident, as well as to aid with normal traffic analysis. It is imperative all inbound and outbound blocked traffic be logged. Boundary protection is not a function of DNS.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42115r1_chk )
This is not a function of DNS.

Fix Text (F-38065r1_fix)
This requirement is NA for DNS. No fix required.