The DNS implementation must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34268 | SRG-NET-000310-DNS-000171 | SV-44747r1_rule | Medium |
| Description |
|---|
| Without session level auditing, IA and IT professionals do not have the complete picture, in detail, of what is transpiring on their systems. Without the session level auditing capability, it is difficult to determine when a specific action was taken on the system and perform forensic analysis if there is an attack, or troubleshoot a problem. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42252r1_chk ) |
|---|
| Review the DNS configuration to determine if the system is configured to audit sessions upon start up of the system. Review the log files of the logging utility on the platform to determine if the auditing is actually taking place. If session level auditing is not taking place upon startup of the DNS system, this is a finding. |
| Fix Text (F-38199r1_fix) |
|---|
| Configure the DNS implementation to perform session level auditing upon startup. |