Skip to content

The platform on which the name server software is hosted must only run processes and services needed to support the BIND 9.x implementation.

An XCCDF Rule

Description

<VulnDiscussion>Hosts that run the name server software should not provide any other services. Unnecessary services running on the DNS server can introduce additional attack vectors leading to the compromise of an organization’s DNS architecture.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-207534r879887_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Disable or uninstall all non-DNS related applications from the BIND 9.x server.