
The DNS implementation must be configured to identify and respond to potential security-relevant error conditions.


Overview

Finding ID: V-34237
Version: SRG-NET-000272-DNS-000150
Rule ID: SV-44716r1_rule
IA Controls:
Severity: Medium
Description
Error messages generated by various elements within the DNS components and services can indicate a possible security violation or breach. The DNS system must be configured to recognize those error messages that can be a symptom of a compromise and to provide notification. DNS logs can be monitored for specific security-related errors. Any error that can have a negative effect on DNS security should be quickly identified and forwarded to the appropriate personnel. If security-relevant error conditions are not identified by the DNS implementation, they may be overlooked by the personnel responsible for addressing them.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42221r1_chk)
Review the DNS system configuration and log settings to determine whether security-related error conditions are monitored and whether appropriate personnel are notified. If security-related error conditions are not being monitored, this is a finding.
Fix Text (F-38168r1_fix)
Configure the DNS system to identify and respond to potential security-relevant error conditions.