The DNS implementation must respond to security function anomalies in accordance with organization defined responses and alternative actions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34233	SRG-NET-000268-DNS-000147	SV-44711r1_rule		Medium

Description
The need to verify security functionality is necessary to ensure the DNS defenses are enabled. If anomalies occur and the system does not respond appropriately, a compromise could occur. For those security functions which are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required. Upon detection of security function anomalies or failure of automated self-tests, the DNS system must respond in accordance with organization defined responses and alternative actions.

Description

The need to verify security functionality is necessary to ensure the DNS defenses are enabled. If anomalies occur and the system does not respond appropriately, a compromise could occur. For those security functions which are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required. Upon detection of security function anomalies or failure of automated self-tests, the DNS system must respond in accordance with organization defined responses and alternative actions.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42217r1_chk )
Review the DNS configuration to determine whether the system responds to security function anomalies in accordance with organization defined responses, such as alarming. If the DNS system does not respond to security anomalies, this is a finding.

Fix Text (F-38164r1_fix)
Ensure the DNS implementation responds to security function anomalies in accordance with organization defined responses and alternative actions.