BIND 9.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516-DNS-000087
Group -
On a BIND 9.x server all authoritative name servers for a zone must be located on different network segments.
Most enterprises have an authoritative primary server and a host of authoritative secondary name servers. It is essential that these authoritative name servers for an enterprise be located on diffe...Rule Medium Severity -
SRG-APP-000516-DNS-000088
Group -
SRG-APP-000516-DNS-000102
Group -
SRG-APP-000516-DNS-000102
Group -
On a BIND 9.x server all root name servers listed in the local root zone file hosted on a BIND 9.x authoritative name server must be empty or removed.
A potential vulnerability of DNS is that an attacker can poison a name servers cache by sending queries that will cause the server to obtain host-to-IP address mappings from bogus name servers that...Rule Low Severity -
SRG-APP-000516-DNS-000113
Group -
On the BIND 9.x server a zone file must not include resource records that resolve to a fully qualified domain name residing in another zone.
If a name server were able to claim authority for a resource record in a domain for which it was not authoritative, this would pose a security risk. In this environment, an adversary could use illi...Rule Medium Severity -
SRG-APP-000516-DNS-000114
Group -
SRG-APP-000516-DNS-000500
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.