Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DNS implementation must be fault-tolerant.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34261 | SRG-NET-000304-DNS-000165 | SV-44740r1_rule | High |
| Description |
|---|
| A critical component of securing an information system is ensuring its availability. The best way to ensure availability is to eliminate any single point of failure in the system itself and in the network architecture that supports it. DNS is one of the backbone services of any network, without DNS, host name to IP resolution cannot be performed. In order to eliminate single points of failure and to enhance redundancy, there are typically at least two authoritative domain name system (DNS) servers, one configured as primary and the other as secondary. Additionally, the two servers are commonly located in two different network subnets and geographically separated (i.e., not located in the same physical facility). |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42245r1_chk ) |
|---|
| Review the DNS implementation to determine if the architecture and systems have built in redundancy and fault tolerance for all zones. If fault tolerance and redundancy are not built into the system, this is a finding. |
| Fix Text (F-38192r1_fix) |
|---|
| Configure the DNS architecture and systems to be fault tolerant and redundant for all zones. |