Infoblox 7.x DNS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- SRG-APP-000516-DNS-000101 (Group)
- SRG-APP-000516-DNS-000102 (Group)
- SRG-APP-000142-DNS-000014 (Group)
- SRG-APP-000176-DNS-000094 (Group)
- The DHCP service must not be enabled on an external authoritative name server. (Rule, Medium Severity)
  The site DNS and DHCP architecture must be reviewed to ensure only the appropriate services are enabled on each Grid Member. An external authoritative name server must be configured to allow only a...
- SRG-APP-000516-DNS-000500 (Group)
- SRG-APP-000001-DNS-000001 (Group)
- Infoblox systems which perform zone transfers to non-Infoblox Grid DNS servers must be configured to limit the number of concurrent sessions for zone transfers. (Rule, Low Severity)
  Limiting the number of concurrent sessions reduces the risk of Denial of Service (DoS) to the DNS implementation. Infoblox DNS servers configured in a Grid do not utilize zone transfers; data is r...
- Primary authoritative name servers must be configured to only receive zone transfer requests from specified secondary name servers. (Rule, Medium Severity)
  Authoritative name servers (especially primary name servers) should be configured with an allow-transfer access control substatement designating the list of hosts from which zone transfer requests ...
- Infoblox systems configured to run the DNS service must be configured to prohibit or restrict unapproved ports and protocols. (Rule, Medium Severity)
  In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...