Skip to content

Infoblox DNS servers must protect the authenticity of communications sessions for dynamic updates.

An XCCDF Rule

Description

DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the middle attacks. Communication sessions between different DNS clients and servers should employ protections such as DNSSEC or TSIG to validate the integrity of data being transmitted.

ID
SV-233918r621666_rule
Version
IDNS-8X-700013
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Infoblox Systems can be configured in two ways to limit DDNS client updates. Refer to the Administrator Guide for detailed instructions.

For clients that support GSS-TSIG: 
1. Navigate to Data Management >> DNS >> Members tab. 
2. Review each server with the DNS service enabled.
3. Select each server, click "Edit", toggle Advanced Mode, and select GSS-TSIG.