Domain Name System (DNS) Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The private key corresponding to the ZSK, stored on name servers accepting dynamic updates, must have appropriate directory/file-level access control list-based or cryptography-based protections.
<VulnDiscussion>The private keys in the KSK and ZSK key pairs must be protected from unauthorized access. If possible, the private keys shoul...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The private keys corresponding to both the ZSK and the KSK must not be kept on the DNSSEC-aware primary authoritative name server when the name server does not support dynamic updates.
<VulnDiscussion>The private keys in the KSK and ZSK key pairs must be protected from unauthorized access. If possible, the private keys shoul...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The DNS server implementation must implement the capability to centrally review and analyze audit records from multiple components within the system.
<VulnDiscussion>Automated mechanisms for centralized reviews and analyses include Security Information and Event Management products.</Vul...Rule Medium Severity -
SRG-APP-000795
<GroupDescription></GroupDescription>Group -
SRG-APP-000915
<GroupDescription></GroupDescription>Group -
A zone file must not include resource records that resolve to a fully qualified domain name residing in another zone.
<VulnDiscussion>If a name server were able to claim authority for a resource record in a domain for which it was not authoritative, this woul...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
CNAME records must not point to a zone with lesser security for more than six months.
<VulnDiscussion>The use of CNAME records for exercises, tests, or zone-spanning aliases should be temporary (e.g., to facilitate a migration)...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.