The DNS implementation must support the requirement to activate an alarm and/or automatically shut down the information system if an application component failure is detected. This can include conducting a graceful application shutdown to avoid losing information.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must support the requirement to activate an alarm and/or automatically shut down the information system if an application component failure is detected. This can include conducting a graceful application shutdown to avoid losing information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34239	SRG-NET-000274-DNS-000152	SV-44718r1_rule		Medium

Description
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining system's security fail to function, the system could continue operating in an insecure state. If appropriate actions are not taken when a DNS component failure occurs, a Denial of Service (DoS) condition may occur.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42223r1_chk )
Review the DNS system configuration to verify the system activates an alarm and/or triggers a server shutdown when a DNS component failure is detected. If the DNS does not take either or both actions, this is a finding.

Fix Text (F-38170r1_fix)
Configure the DNS system so that it activates an alarm and/or automatically shuts down the DNS server if an application component failure is detected.