Domain Name System (DNS) Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The key file must be owned by the account under which the name server software is run.
<VulnDiscussion>To enable zone transfer (requests and responses) through authenticated messages, it is necessary to generate a key for every ...Rule Medium Severity -
SRG-APP-000176
<GroupDescription></GroupDescription>Group -
Read/Write access to the key file must be restricted to the account that runs the name server software only.
<VulnDiscussion>To enable zone transfer (requests and responses) through authenticated messages, it is necessary to generate a key for every ...Rule Medium Severity -
SRG-APP-000176
<GroupDescription></GroupDescription>Group -
Only the private key corresponding to the ZSK alone must be kept on the name server that does support dynamic updates.
<VulnDiscussion>The private keys in the KSK and ZSK key pairs must be protected from unauthorized access. If possible, the private keys shoul...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules