The Infoblox DNS server implementation must maintain the integrity of information during reception.
An XCCDF Rule
Description
<VulnDiscussion>Information can be unintentionally or maliciously disclosed or modified during reception, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information. Confidentiality is not an objective of DNS, but integrity is. DNS is responsible for maintaining the integrity of DNS information while it is being received.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-233926r621666_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Note: Ensure DNSSEC is configured to meet all other STIG requirements prior to signing a zone to avoid signing with an unapproved configuration.
1. Navigate to Data Management >> DNS >> Zones.
2. Select the appropriate zone using the check box. Using the "DNSSEC" drop-down menu, select "Sign Zones".
3. Follow prompts to acknowledge zone signing.
4. Perform a service restart if necessary.