Disable Client Dynamic DNS Updates
An XCCDF Rule
Description
Dynamic DNS allows clients to dynamically update their own DNS records.
The updates are transmitted by unencrypted means which can reveal information
to a potential malicious user. If the system does not require Dynamic DNS,
remove all DHCP_HOSTNAME references from the
/etc/sysconfig/network-scripts/ifcfg-interface scripts. If dhclient is used,
remove all send host-name hostname references from the /etc/dhclient.conf
configuration file and/or any reference from the /etc/dhcp directory.
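The following audit sketch is an added example, not the rule's own check content. It searches the locations named above for active (uncommented) DHCP_HOSTNAME and send host-name settings. The function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: locate client Dynamic DNS settings named in the rule.
# find_ddns_refs and check_ddns_disabled are hypothetical helper names.
# The optional first argument is a root prefix (for example a mounted
# image); with no argument the live filesystem is inspected.

find_ddns_refs() {
    root="${1:-}"
    # DHCP_HOSTNAME assignments in interface scripts; commented lines are skipped.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        grep -HnE '^[[:space:]]*DHCP_HOSTNAME[[:space:]]*=' "$f" || true
    done
    # "send host-name" statements in the dhclient configuration file.
    if [ -f "$root/etc/dhclient.conf" ]; then
        grep -HnE '^[[:space:]]*send[[:space:]]+host-name' \
            "$root/etc/dhclient.conf" || true
    fi
    # Any such statement under /etc/dhcp, searched recursively.
    if [ -d "$root/etc/dhcp" ]; then
        grep -rHnE '^[[:space:]]*send[[:space:]]+host-name' \
            "$root/etc/dhcp" || true
    fi
    return 0
}

# Returns 0 when no reference remains; otherwise prints file:line:text
# for each finding and returns 1.
check_ddns_disabled() {
    hits=$(find_ddns_refs "${1:-}")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Usage: check_ddns_disabled            (live system)
#        check_ddns_disabled /mnt/image (offline tree)
```

Each finding identifies the file and line to edit; rerun the check after removing the lines to confirm it returns 0.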
Rationale
Dynamic DNS updates transmit unencrypted information about a system including its name and address and should not be used unless needed.
- ID: xccdf_org.ssgproject.content_rule_network_disable_ddns_interfaces
- Severity: Medium
- References
- Updated