The DNS implementation must connect to external networks only through managed interfaces (proxy) consisting of boundary protection devices arranged in accordance with an organizational security architecture.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34156 | SRG-NET-000206-DNS-000122 | SV-44609r1_rule | Medium |
| Description |
|---|
| Employment of a DNS proxy is critical to protect internal DoD DNS traffic and access to the DoD authoritative services. Proxy services limit the exposure of authoritative servers and aid in blocking attacks that affect the confidentiality and integrity of the resources that provide the DNS service. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42116r1_chk ) |
|---|
| Review the DNS implementation and configuration to determine if it connects to external networks only through managed interfaces (proxy) arranged in accordance with an organizational security architecture. If the DNS is not configured to connect through a proxy service, this is a finding. |
| Fix Text (F-38066r1_fix) |
|---|
| Configure the DNS implementation to utilize a managed interface, i.e., proxy, arranged in accordance with an organizational security architecture, for any external connection. |