Skip to content
Log In

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-DNS-000102

    Group
    Show

  • On a BIND 9.x server all root name servers listed in the local root zone file hosted on a BIND 9.x authoritative name server must be valid for that zone.

    All caching name servers must be authoritative for the root zone because, without this starting point, they would have no knowledge of the DNS infrastructure and thus would be unable to respond to ...
    Rule Low Severity
    Show

  • SRG-APP-000516-DNS-000102

    Group
    Show

  • On a BIND 9.x server all root name servers listed in the local root zone file hosted on a BIND 9.x authoritative name server must be empty or removed.

    A potential vulnerability of DNS is that an attacker can poison a name servers cache by sending queries that will cause the server to obtain host-to-IP address mappings from bogus name servers that...
    Rule Low Severity
    Show

  • SRG-APP-000516-DNS-000113

    Group
    Show

  • On the BIND 9.x server a zone file must not include resource records that resolve to a fully qualified domain name residing in another zone.

    If a name server were able to claim authority for a resource record in a domain for which it was not authoritative, this would pose a security risk. In this environment, an adversary could use illi...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DNS-000114

    Group
    Show

  • On the BIND 9.x server CNAME records must not point to a zone with lesser security for more than six months.

    The use of CNAME records for exercises, tests, or zone-spanning aliases should be temporary (e.g., to facilitate a migration). When a host name is an alias for a record in another zone, an adversar...
    Rule Low Severity
    Show

  • SRG-APP-000516-DNS-000500

    Group
    Show

  • The BIND 9.x server implementation must prohibit the forwarding of queries to servers controlled by organizations outside of the U.S. Government.

    If remote servers to which DoD DNS servers send queries are controlled by entities outside of the U.S. Government the possibility of a DNS attack is increased. The Enterprise Recursive Service (E...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules