The platform on which the name server software is hosted must only run processes and services needed to support the BIND 9.x implementation.
An XCCDF Rule
Description
<VulnDiscussion>Hosts that run the name server software should not provide any other services. Unnecessary services running on the DNS server can introduce additional attack vectors leading to the compromise of an organization’s DNS architecture.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-207534r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Disable or uninstall all non-DNS related applications from the BIND 9.x server.