The DNS implementation must protect the authenticity of communications sessions for dynamic updates.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
---|---|---|---|---|---|---|
medium | V-205183 | SRG-APP-000219 | SRG-APP-000219-DNS-000029 | SV-205183r961110_rule | 2024-07-02 | 4 |
Description |
---|
DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the-middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of DNSSEC, the authenticity of the data cannot be guaranteed. |
ℹ️ Check |
---|
Review the DNS server configuration to determine if communication sessions for dynamic updates are provided authenticity protection. If communications sessions do not employ authenticity protections, this is a finding. |
✔️ Fix |
---|
Configure the DNS server to employ mechanisms to protect the authenticity of communications sessions for dynamic updates. |
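
One way to automate the check above, as an added example that is not part of the STIG text. It assumes the DNS server is BIND (the rule itself is product-neutral) and that update authenticity is provided by TSIG keys referenced in `allow-update`; the configuration fragment, zone names and key name are constructed, and `update-policy` statements are not evaluated.

```python
import re

# Constructed named.conf fragment (BIND syntax is an assumption, see lead-in).
SAMPLE_CONF = '''
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER=="; };
zone "signed.example" { type master; allow-update { key "ddns-key"; }; };
zone "open.example"   { type master; allow-update { 192.0.2.10; }; };  // IP only
zone "mixed.example" {
    type master;
    # an address entry beside the key still admits unsigned updates
    allow-update { key "ddns-key"; 192.0.2.0/24; };
};
zone "static.example" { type master; allow-update { none; }; };
zone "default.example" { type master; };
'''

def block_after(text, start):
    """Return the contents of the first balanced {...} block at or after start."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_at + 1:i]
    raise ValueError("unbalanced braces in configuration")

def find_unauthenticated_updates(conf):
    """Map zone name -> allow-update entries that are not TSIG key references."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    findings = {}
    for zone in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_after(conf, zone.end())
        acl = re.search(r"\ballow-update\s*\{", body)
        if not acl:
            continue  # no allow-update: BIND denies dynamic updates by default
        entries = [e.strip() for e in block_after(body, acl.start()).split(";")]
        weak = [e for e in entries
                if e and e != "none" and not re.fullmatch(r'key\s+"?[\w.-]+"?', e)]
        if weak:
            findings[zone.group(1)] = weak
    return findings

if __name__ == "__main__":
    for name, entries in find_unauthenticated_updates(SAMPLE_CONF).items():
        print(f"FINDING {name}: updates accepted without a key from {entries}")
```

Any zone reported here accepts dynamic updates on the basis of source address alone, which is the condition the Check text treats as a finding.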