
The DNS implementation must support the requirement to activate an alarm and/or automatically shut down the information system if an application component failure is detected. This can include conducting a graceful application shutdown to avoid losing information.


Overview

Finding ID: V-34239
Version: SRG-NET-000274-DNS-000152
Rule ID: SV-44718r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining the system's security fail to function, the system could continue operating in an insecure state. If appropriate actions are not taken when a DNS component failure occurs, a Denial of Service (DoS) condition may occur.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42223r1_chk)
Review the DNS system configuration to verify the system activates an alarm and/or triggers a server shutdown when a DNS component failure is detected. If the DNS does not take either or both actions, this is a finding.
Fix Text (F-38170r1_fix)
Configure the DNS system so that it activates an alarm and/or automatically shuts down the DNS server if an application component failure is detected.