
Network devices must have DNS servers defined if it is configured as a client resolver.


Overview

Finding ID: V-3020
Version: NET0820
Rule ID: SV-3020r3_rule
IA Controls: (none listed)
Severity: Low
Description
The susceptibility of IP addresses to spoofing translates to DNS host name and IP address mapping vulnerabilities. For example, suppose a source host wishes to establish a connection with a destination host and queries a DNS server for the IP address of the destination host name. If the response to this query is the IP address of a host operated by an attacker, the source host will establish a connection with the attacker's host, rather than the intended target. The user on the source host might then provide logon, authentication, and other sensitive data.
STIG Date
Layer 2 Switch Security Technical Implementation Guide 2017-12-07

Details

Check Text (C-3584r5_chk)
Review the device configuration to ensure DNS servers have been defined if it has been configured as a client resolver (name lookup).

If the device is configured as a client resolver and DNS servers are not defined, this is a finding.
Fix Text (F-3045r2_fix)
Configure the device to include DNS servers or disable domain lookup.
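
The following is an added example, not part of the STIG: one way to automate the check above against a saved device configuration. It assumes Cisco IOS-style syntax (`ip name-server`, `no ip domain-lookup`, lookup enabled by default), which the STIG text does not specify; the function name and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

# Assumption: Cisco IOS-style syntax; the STIG wording is vendor-neutral.
# On IOS, name lookup is on unless explicitly disabled, so a config with
# neither line present is still a client resolver.
LOOKUP_OFF = re.compile(r"^no ip domain[- ]lookup\s*$")
NAME_SERVER = re.compile(r"^ip name-server\s+(.+)$")


def audit_dns_client(config_text):
    """Return (status, servers) for V-3020 / NET0820 (hypothetical helper)."""
    lookup_enabled = True
    servers = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and IOS comment separators
        if LOOKUP_OFF.match(line):
            lookup_enabled = False
        m = NAME_SERVER.match(line)
        if m:
            # Keep only tokens that parse as addresses, so keywords such
            # as "vrf <name>" are not counted as servers.
            for tok in m.group(1).split():
                try:
                    ipaddress.ip_address(tok)
                    servers.append(tok)
                except ValueError:
                    pass
    # Finding only when the resolver is active and no server is defined.
    if lookup_enabled and not servers:
        return "finding", servers
    return "not_a_finding", servers


# Constructed sample configurations (documentation address range).
CFG_NO_SERVERS = "hostname sw1\n!\ninterface Vlan1\n ip address 192.0.2.10 255.255.255.0\n"
CFG_WITH_SERVERS = CFG_NO_SERVERS + "ip name-server 192.0.2.53 192.0.2.54\n"
CFG_LOOKUP_OFF = CFG_NO_SERVERS + "no ip domain-lookup\n"
CFG_VRF_SERVER = CFG_NO_SERVERS + "ip name-server vrf MGMT 192.0.2.53\n"

if __name__ == "__main__":
    for name in ("CFG_NO_SERVERS", "CFG_WITH_SERVERS", "CFG_LOOKUP_OFF", "CFG_VRF_SERVER"):
        print(name, audit_dns_client(globals()[name]))
```

A "not_a_finding" result with servers listed only shows that servers are defined; whether those addresses are the organization's authorized resolvers still needs a reviewer.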