
The DNS implementation must activate an organization defined alarm when a system component failure is detected.


Overview

Finding ID: V-34240
Version: SRG-NET-000274-DNS-000153
Rule ID: SV-44719r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Error messages generated by various elements within the DNS components and services can indicate a possible security violation or breach. The DNS system must be configured to recognize those error messages that can be a symptom of a compromise and to provide notification. DNS logs can be monitored for specific security-related errors. Any error that can have a negative effect on DNS security should be quickly identified and forwarded to the appropriate personnel. If security-relevant error conditions are not identified by the DNS, they may be overlooked by the personnel responsible for addressing them.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42224r1_chk)
Review the DNS system settings to determine if it is configured to generate an alarm when a system component failure is detected. If the system is not configured to generate an alarm, this is a finding.
Fix Text (F-38171r1_fix)
Configure the DNS system to activate an organization defined alarm when a system component failure is detected.