Skip to content

BIND 9.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000247-DNS-000036

    <GroupDescription></GroupDescription>
    Group
  • A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.

    &lt;VulnDiscussion&gt;A DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ...
    Rule Medium Severity
  • SRG-APP-000246-DNS-000035

    <GroupDescription></GroupDescription>
    Group
  • A BIND 9.x server implementation must prohibit recursion on authoritative name servers.

    &lt;VulnDiscussion&gt;A potential vulnerability of DNS is that an attacker can poison a name server's cache by sending queries that will cause the ...
    Rule Medium Severity
  • SRG-APP-000516-DNS-000088

    <GroupDescription></GroupDescription>
    Group
  • The master servers in a BIND 9.x implementation must notify authorized secondary name servers when zone files are updated.

    &lt;VulnDiscussion&gt;It is important to maintain the integrity of a zone file. The serial number of the SOA record is used to indicate to secondar...
    Rule Low Severity
  • SRG-APP-000516-DNS-000088

    <GroupDescription></GroupDescription>
    Group
  • The secondary name servers in a BIND 9.x implementation must be configured to initiate zone update notifications to other authoritative zone name servers.

    &lt;VulnDiscussion&gt;It is important to maintain the integrity of a zone file. The serial number of the SOA record is used to indicate to secondar...
    Rule Low Severity
  • SRG-APP-000516-DNS-000110

    <GroupDescription></GroupDescription>
    Group
  • The BIND 9.X implementation must not utilize a TSIG or DNSSEC key for more than one year.

    &lt;VulnDiscussion&gt;Cryptographic keys are the backbone of securing DNS information over the wire, maintaining DNS data integrity, and the provid...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules