UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS server implementation must validate the binding of the other DNS servers identity to the DNS information for a server-to-server transaction (e.g., zone transfer).


Overview

Finding ID Version Rule ID IA Controls Severity
V-205198 SRG-APP-000349-DNS-000043 SV-205198r879726_rule Medium
Description
Validation of the binding of the information prevents the modification of information between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Validations must be performed automatically. DNSSEC and TSIG/SIG(0) technologies are not effective unless the digital signatures they generate are validated to ensure that the information has not been tampered with and that the producer's identity is legitimate.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2024-02-27

Details

Check Text ( C-5465r392507_chk )
Review the DNS server implementation configuration to determine if the DNS server validates the binding of the other DNS server's identity to the DNS information for a server-to-server transaction (e.g., zone transfer). If the DNS server does not validate the binding of the other DNS server's identity to the DNS information, this is a finding.
Fix Text (F-5465r392508_fix)
Configure the DNS server to validate the binding of the other DNS server's identity to the DNS information for a server-to-server transaction (e.g., zone transfer).