WINS lookups is not prohibited on a Windows 2000 DNS server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4505 | DNS0825 | SV-4505r1_rule | ECSC-1 | High |
| Description |
|---|
| Integration of WINS and Windows 2000 DNS leaves Windows 2000 DNS open to all the vulnerabilities of WINS, including the ability to update records without authentication. |
| STIG | Date |
|---|---|
| Windows DNS | 2015-12-28 |
Details
| Check Text ( C-3566r1_chk ) |
|---|
| The reviewer will validate the "Use WINS forward lookup" is not checked on the “WINS” tab on the properties dialog of each zone. If WINS is integrated on a Windows 2000 DNS server, then this is a finding. |
| Fix Text (F-4390r1_fix) |
|---|
| The SA should disable any integration between DNS and WINS as soon as it feasible to do so. If WINS is required for legacy applications, then DNS clients will need to be reconfigured to use WINS rather than DNS for NetBIOS name resolution. The SA should uncheck Use WINS forward lookup on the WINS tab on the properties dialog of each zone. |