Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-205183 | SRG-APP-000219-DNS-000029 | SV-205183r961110_rule | Medium |
Description |
---|
DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of DNSSEC, the authenticity of the data cannot be guaranteed. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2024-07-02 |
Check Text ( C-5450r392462_chk ) |
---|
Review the DNS server configuration to determine if communication sessions for dynamic updates are provided authenticity protection. If communications sessions do not employ authenticity protections, this is a finding. |
Fix Text (F-5450r392463_fix) |
---|
Configure the DNS server to employ mechanisms to protect the authenticity of communications sessions for dynamic updates. |