Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Infoblox 7.x DNS Security Technical Implementation Guide
SRG-APP-000176-DNS-000094
Only the private key corresponding to the ZSK alone must be kept on the name server that does support dynamic updates.
Only the private key corresponding to the ZSK alone must be kept on the name server that does support dynamic updates.
An XCCDF Rule
Details
Profiles
Prose
Only the private key corresponding to the ZSK alone must be kept on the name server that does support dynamic updates.
Medium Severity
<VulnDiscussion>Infoblox systems when deployed in a Grid configuration store DNSSEC keys on the designated Grid Master system. As the central point of administration, the Grid Master should be configured for administration of the DNS, DHCP, and IP Address Management (IPAM) system. No clients should be configured to utilize the Grid Master or backup Candidate systems for protocol transactions. An alternative solution is through deployment of a Hardware Security Module (HSM), which provides hardware encrypted storage of key data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>