Infoblox 8.x DNS Security Technical Implementation Guide
SRG-APP-000516-DNS-000091
For zones split between the external and internal sides of a network, the resource records (RRs) for the external hosts must be separate from the RRs for the internal hosts.
Medium Severity
Authoritative name servers for an enterprise may be configured to receive requests from both external and internal clients.
External clients need to receive RRs that pertain only to public services (public web server, mail server, etc.).
Internal clients need to receive RRs pertaining to public services as well as internal hosts.
Organizations using dedicated internal systems and separate dedicated external systems are inherently more secure than those using a single system accessed by both internal and external clients.
DNS Views allow a single name server to provide different response data based on a client match list or Access Control List.
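One way to audit the separation described above is to compare the records served by the external view against those served by the internal view. The following is an added example, not part of the STIG or of any Infoblox tooling; the simplified record format, the `example.com` names, the sample records and the `INTERNAL_NETS` list are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: "owner type rdata" lines as served by each view.
EXTERNAL_VIEW = """
www.example.com.     A      203.0.113.10
mail.example.com.    A      203.0.113.25
example.com.         MX     10 mail.example.com.
hr.example.com.      A      10.20.0.15
portal.example.com.  CNAME  intranet.example.com.
"""
INTERNAL_VIEW = """
www.example.com.       A  203.0.113.10
mail.example.com.      A  203.0.113.25
hr.example.com.        A  10.20.0.15
intranet.example.com.  A  10.20.0.30
"""
# Assumption: the address space this organization treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse(text):
    """Parse simplified 'owner type rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.append((owner.lower(), rtype.upper(), rdata.strip()))
    return records

def audit_external(external, internal):
    """Return external-view records that expose internal hosts."""
    internal_only = {o for o, _, _ in internal} - {o for o, _, _ in external}
    findings = []
    for owner, rtype, rdata in external:
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, rtype, rdata, "internal address"))
        elif rtype in ("CNAME", "MX", "NS", "SRV"):
            target = rdata.split()[-1].lower()  # last field is the target name
            if target in internal_only:
                findings.append((owner, rtype, rdata, "internal-only target"))
    return findings

if __name__ == "__main__":
    for finding in audit_external(parse(EXTERNAL_VIEW), parse(INTERNAL_VIEW)):
        print(*finding, sep="\t")
```

An empty result means the external view contains no record that resolves to internal address space or points at a name that exists only in the internal view.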