The Windows DNS Server must maintain the integrity of information during reception.

An XCCDF Rule

Description

<VulnDiscussion>Information can be unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259399r961641_rule
Severity: Medium
References: CCI-002422
Updated: 17 days ago

Sign or re-sign the hosted zone(s) on the DNS server being validated.

Log on to the Windows DNS Server using the Domain Admin or Enterprise Admin account.

Press the Windows key + R and execute "dnsmgmt.msc".
On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server, and then expand "Forward Lookup Zones".

From the expanded list, right-click to select the zone (repeat for each hosted zone), point to DNSSEC, and then click "Sign the Zone" using either approved saved parameters or approved custom parameters.

The Windows DNS Server must maintain the integrity of information during reception.

Description

Remediation - Manual Procedure