Skip to content

BIND 9.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000213-DNS-000024

    <GroupDescription></GroupDescription>
    Group
  • A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information.

    &lt;VulnDiscussion&gt;DNSSEC is required for securing the DNS query/response transaction by providing data origin authentication and data integrity...
    Rule High Severity
  • SRG-APP-000214-DNS-000025

    <GroupDescription></GroupDescription>
    Group
  • A BIND 9.x server implementation must provide the means to indicate the security status of child zones.

    &lt;VulnDiscussion&gt;If name server replies are invalid or cannot be validated, many networking functions and communication would be adversely aff...
    Rule Medium Severity
  • SRG-APP-000214-DNS-000079

    <GroupDescription></GroupDescription>
    Group
  • The BIND 9.x server validity period for the RRSIGs covering the DS RR for zones delegated children must be no less than two days and no more than one week.

    &lt;VulnDiscussion&gt;The best way for a zone administrator to minimize the impact of a key compromise is by limiting the validity period of RRSIGs...
    Rule Medium Severity
  • SRG-APP-000516-DNS-000099

    <GroupDescription></GroupDescription>
    Group
  • The core BIND 9.x server files must be owned by the root or BIND 9.x process account.

    &lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have d...
    Rule Medium Severity
  • SRG-APP-000516-DNS-000099

    <GroupDescription></GroupDescription>
    Group
  • The core BIND 9.x server files must be group owned by a group designated for DNS administration only.

    &lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have d...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules