UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS name server software must be at the latest version.


Overview

Finding ID Version Rule ID IA Controls Severity
V-205244 SRG-APP-000516-DNS-000103 SV-205244r961863_rule Medium
Description
Each newer version of the name server software, especially the BIND software, generally is devoid of vulnerabilities found in earlier versions because it has design changes incorporated to take care of those vulnerabilities. These vulnerabilities have been exploited (i.e., some form of attack was launched), and sufficient information has been generated with respect to the nature of those exploits. It makes good business sense to run the latest version of name server software because theoretically it is the safest version. Even if the software is the latest version, it is not safe to run it in default mode. The security administrator should always configure the software to run in the recommended secure mode of operation after becoming familiar with the new security settings for the latest version.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2024-07-02

Details

Check Text ( C-5511r392645_chk )
Review the DNS implementation to determine the name server software version.

If the installed name server software version is not the latest production version, this is a finding.
Fix Text (F-5511r392646_fix)
Update the installed name server software with the latest production version.