The Infoblox system must restrict the ability of individuals to use the DNS server to launch denial-of-service (DoS) attacks against other information systems.

An XCCDF Rule

Description

The Infoblox system must restrict the ability of individuals to use the DNS server to launch DoS attacks against other information systems.

ID
SV-233921r621666_rule
Severity
Medium

Remediation - Manual Procedure

1. Navigate to Data Management >> DNS >> Grid DNS Properties. 
2. Select the "Queries" tab. 
3. For external authoritative name servers, disable "Allow Recursion" by clearing the check box.  
4. For internal name servers, on the "Updates" tab, configure either an ACL or ACE for "Allow updates from".  
5. On the "Queries" tab, configure either an ACL or ACE for "Allow queries from".  
6. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
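
The following added example (not part of the original rule or of any Infoblox tooling) audits a settings export against steps 3 to 5 of the procedure above. The export format, its key names and the sample servers are constructed for illustration, and treating an allow entry for 0.0.0.0/0 or ::/0 on an internal server as a finding is an assumption of this example.

```python
import ipaddress

# Constructed sample export. Key names are hypothetical, modelled on the GUI
# labels in the procedure; they are not Infoblox API field names.
SAMPLE_SERVERS = [
    {"name": "ext-ns1", "role": "external-authoritative", "allow_recursion": True,
     "allow_queries_from": [{"ace": "0.0.0.0/0", "permission": "allow"}]},
    {"name": "int-ns1", "role": "internal", "allow_updates_from": [],
     "allow_queries_from": [{"ace": "0.0.0.0/0", "permission": "allow"}]},
    {"name": "int-ns2", "role": "internal",
     "allow_updates_from": [{"ace": "10.20.0.0/16", "permission": "allow"}],
     "allow_queries_from": [{"acl": "internal-clients"}]},
]

def acl_problem(entries, flag_open):
    """Describe what is wrong with an allow list, or return None.
    Named ACLs ({"acl": ...}) are accepted as-is; their contents need their own review."""
    if not entries:
        return "no ACL or ACE configured"
    for entry in entries:
        if flag_open and "ace" in entry and entry.get("permission") == "allow":
            if ipaddress.ip_network(entry["ace"], strict=False).prefixlen == 0:
                return f"ACE {entry['ace']} allows every address"
    return None

def audit(server):
    """Check one server against steps 3-5 of the procedure; return a list of findings."""
    findings = []
    external = server["role"] == "external-authoritative"
    # Step 3: a missing value is treated as enabled, so the check fails closed.
    if external and server.get("allow_recursion", True):
        findings.append("Allow Recursion is enabled on an external authoritative server")
    # Step 4: internal servers need an ACL or ACE on "Allow updates from".
    if not external:
        problem = acl_problem(server.get("allow_updates_from"), flag_open=True)
        if problem:
            findings.append(f"Allow updates from: {problem}")
    # Step 5: public authoritative servers answer everyone, so an open ACE is
    # only flagged on internal servers (assumption of this example).
    problem = acl_problem(server.get("allow_queries_from"), flag_open=not external)
    if problem:
        findings.append(f"Allow queries from: {problem}")
    return findings

def audit_all(servers):
    return {server["name"]: audit(server) for server in servers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SERVERS).items():
        print(name, findings or "OK")
```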