Configure Multiple DNS Servers in /etc/resolv.conf

An XCCDF Rule

Description

Multiple Domain Name System (DNS) Servers should be configured in /etc/resolv.conf. This provides redundant name resolution services in the event that a domain server crashes. To configure the system to contain as least 2 DNS servers, add a corresponding nameserver ip_address entry in /etc/resolv.conf for each DNS server where ip_address is the IP address of a valid DNS server. For example:

search example.com
nameserver 192.168.0.1
nameserver 192.168.0.2

warning alert: Warning

This rule doesn't come with a remediation, the IP addresses of local authoritative name servers need to be added by the administrator.

Rationale

To provide availability for name resolution services, multiple redundant name servers are mandated. A failure in name resolution could lead to the failure of security functions requiring name resolution, which may include time synchronization, centralized authentication, and remote system logging.

ID: xccdf_org.ssgproject.content_rule_network_configure_name_resolution
Severity: Medium
References: 12 15 8

APO13.01 DSS05.02

CCI-000366

SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.13.1.1 A.13.2.1 A.14.1.3

CM-6(a) SC-20(a)

PR.PT-4

SRG-OS-000480-GPOS-00227
Updated: about 1 year ago