The Exchange Edge server must point to a trusted list of DNS servers for external and internal resolution.
An XCCDF Rule
Description
To mitigate the risk of possible erroneous queries that may have been co-opted by bad actors, the Exchange Edge server must use DNS servers that utilize DNSSEC to resolve external hosts and internal hosts before routing messages to the appropriate destination.
- ID: SV-259636r961587_rule
- Severity: Medium
- References
- Updated
Remediation - Manual Procedure
Verify in the EDSP, or consult the appropriate personnel who manage DNS, which DNS servers to use for Internal and External DNS resolution.
If GUIDs for the External and Internal network adapters are applicable, gather the values to populate the appropriate properties with the following commands:
netsh lan show interfaces
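The following added example (not part of the STIG text or of any Microsoft tooling) compares the DNS servers an Edge transport service would use for external and internal lookups with the approved list. It assumes the `ExternalDNS*` and `InternalDNS*` properties returned by `Get-TransportService`; the function name `Get-EdgeDnsFinding`, the IP addresses, and the adapter GUID are constructed for illustration.

```powershell
# Approved resolvers: constructed documentation addresses; use the list recorded in the EDSP.
$ApprovedDns = @('192.0.2.10', '192.0.2.11')

function Get-EdgeDnsFinding {
    param(
        [Parameter(Mandatory)] $Service,              # Get-TransportService object or a stand-in
        [Parameter(Mandatory)] [string[]] $Approved,  # trusted DNS server addresses
        [hashtable] $AdapterDns = @{}                 # adapter GUID -> DNS servers on that adapter
    )
    foreach ($scope in 'External', 'Internal') {
        $enabledProp = "${scope}DNSAdapterEnabled"
        $guidProp    = "${scope}DNSAdapterGuid"
        $listProp    = "${scope}DNSServers"
        if ($Service.$enabledProp) {
            # Adapter mode: lookups use the DNS settings of the adapter named by the GUID.
            $guid    = [string]$Service.$guidProp
            $source  = "adapter $guid"
            $servers = @($AdapterDns[$guid])
        } else {
            # List mode: lookups use the explicit server list on the transport service.
            $source  = $listProp
            $servers = @($Service.$listProp | ForEach-Object { "$_" })
        }
        $servers    = @($servers | Where-Object { $_ })
        $unapproved = @($servers | Where-Object { $_ -notin $Approved })
        [pscustomobject]@{
            Scope      = $scope
            Source     = $source
            Servers    = $servers -join ', '
            Unapproved = $unapproved -join ', '
            # Compliant only if at least one server is known and all are approved.
            Compliant  = ($servers.Count -gt 0 -and $unapproved.Count -eq 0)
        }
    }
}

# Constructed stand-in for one Edge transport service (not real output).
$sample = [pscustomobject]@{
    ExternalDNSAdapterEnabled = $false
    ExternalDNSServers        = @('192.0.2.10', '198.51.100.53')
    InternalDNSAdapterEnabled = $true
    InternalDNSAdapterGuid    = '11111111-2222-3333-4444-555555555555'
}
$adapterDns = @{ '11111111-2222-3333-4444-555555555555' = @('192.0.2.11') }

Get-EdgeDnsFinding -Service $sample -Approved $ApprovedDns -AdapterDns $adapterDns |
    Format-Table -AutoSize
```

On an Edge server, pipe `Get-TransportService` objects into the function in place of `$sample`, and build `$adapterDns` from the adapter GUIDs gathered above.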