Infoblox DNS servers must protect the authenticity of communications sessions for dynamic updates.
An XCCDF Rule
Description
DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the-middle attacks. Communication sessions between different DNS clients and servers should employ protections such as DNSSEC or TSIG to validate the integrity of data being transmitted.
- ID: SV-233918r621666_rule
- Severity: Medium
Remediation - Manual Procedure
Infoblox systems can be configured in two ways to limit DDNS client updates. Refer to the Administrator Guide for detailed instructions.
For clients that support GSS-TSIG:
1. Navigate to Data Management >> DNS >> Members tab.
2. Review each server with the DNS service enabled.
3. Select each server, click "Edit", toggle Advanced Mode, and select GSS-TSIG.
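
How the TSIG protection named in the description authenticates a dynamic update, as an added Python example (not Infoblox code and not part of the STIG). The key name, secret, zone and addresses are constructed, and the MAC is passed beside the message rather than carried in a TSIG record; GSS-TSIG differs in that its key material comes from a Kerberos security context instead of a static shared secret.

```python
import hashlib
import hmac
import struct

ALGORITHM = "hmac-sha256."  # TSIG algorithm name, as a domain name

def wire_name(name):
    """Encode a domain name in canonical (lower-case) DNS wire format."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"

def build_update(zone, host, ipv4, msg_id=0x1234):
    """Minimal RFC 2136 UPDATE adding one A record (no TSIG record attached)."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    update_rr = wire_name(host) + struct.pack("!HHIH", 1, 1, 300, 4) + ipv4
    return header + zone_section + update_rr

def tsig_mac(key, key_name, message, time_signed, fudge=300):
    """HMAC over the message followed by the TSIG variables (RFC 8945)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
        + wire_name(ALGORITHM)
        # 48-bit time signed, fudge, error = 0, other-data length = 0
        + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, 0, 0)
    )
    return hmac.new(key, message + variables, hashlib.sha256).digest()

def verify_update(key, key_name, message, mac, time_signed, now, fudge=300):
    """Server-side decision; mac is passed separately here (simplification)."""
    if mac is None:
        return "REFUSED"  # unsigned updates are not accepted
    if not hmac.compare_digest(mac, tsig_mac(key, key_name, message, time_signed, fudge)):
        return "BADSIG"  # wrong key or message altered in transit
    if abs(now - time_signed) > fudge:
        return "BADTIME"  # outside the allowed clock window: stale or replayed
    return "ACCEPT"

def demo():
    key, name, t = b"constructed-demo-secret", "ddns-key.example.test", 1_700_000_000  # constructed
    good = build_update("example.test", "host1.example.test", bytes([192, 0, 2, 10]))
    forged = build_update("example.test", "host1.example.test", bytes([192, 0, 2, 66]))
    mac = tsig_mac(key, name, good, t)
    return {
        "signed": verify_update(key, name, good, mac, t, t + 5),
        "unsigned": verify_update(key, name, good, None, t, t + 5),
        "tampered": verify_update(key, name, forged, mac, t, t + 5),
        "late_replay": verify_update(key, name, good, mac, t, t + 3600),
    }
```

Calling `demo()` returns the verdict for each case: only the update whose MAC matches the shared key and whose timestamp is inside the fudge window is accepted.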