Check: BIND-9X-001017
BIND 9.x STIG:
BIND-9X-001017
(in versions v2 r3 through v1 r1)
Title
The BIND 9.x server implementation must not be configured with a channel to send audit records to null. (Cat III impact)
Discussion
DNS software administrators require DNS transaction logs for a wide variety of reasons including troubleshooting, intrusion detection, and forensics. Ensuring that the DNS transaction logs are recorded on the local system will provide the capability needed to support these actions. Sending DNS transaction data to the null channel would cause a loss of important data.
Check Content
Verify that the BIND 9.x server is not configured to send audit logs to the null channel. Inspect the "named.conf" file for the following: `category null { null; }` If there is a category defined to send audit logs to the "null" channel, this is a finding.
Fix Text
Edit the "named.conf" file. Remove any instance of the following: `category null { null; };` Restart the BIND 9.x process.
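The Check Content and Fix Text above call for inspecting "named.conf" by hand. The script below is an added example (not part of the STIG text or of BIND itself) that automates the check: it strips comments, joins multi-line statements, extracts every `category NAME { ... };` block and reports each one whose channel list includes the built-in `null` channel. It generalizes slightly beyond the literal `category null { null; };` pattern, since the check text states that any category routed to the "null" channel is the finding. The sample configuration it writes is constructed for the demonstration and the function names are the example's own.

```shell
#!/bin/sh
# Added example for BIND-9X-001017: report logging categories that discard
# audit records into BIND's built-in "null" channel. Not STIG or BIND code.

# Print the name of every "category NAME { ... };" statement in the named.conf
# given as $1 whose channel list contains the "null" channel, one per line.
# Assumes category statements do not nest braces (true for BIND syntax) and
# that "//" or "#" never appear inside a quoted string in the logging block.
null_channel_categories() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" \
    | tr '\n' ' ' \
    | grep -o 'category[[:space:]]*[A-Za-z0-9_-]*[[:space:]]*{[^}]*}' \
    | awk '
        {
            name = $0
            sub(/^category[[:space:]]*/, "", name)   # drop the keyword
            sub(/[[:space:]]*[{].*$/, "", name)       # keep only NAME
            body = $0
            sub(/^[^{]*[{]/, "", body)                # drop "category NAME {"
            sub(/[}].*$/, "", body)                   # drop the closing brace
            n = split(body, chans, ";")               # one entry per channel
            for (i = 1; i <= n; i++) {
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", chans[i])
                if (chans[i] == "null") { print name; break }
            }
        }'
}

# Exit 0 when no category is routed to the null channel (no finding),
# non-zero otherwise.
stig_bind_9x_001017_compliant() {
    [ -z "$(null_channel_categories "$1")" ]
}

# Write a constructed named.conf fragment to $1 for demonstration purposes.
# It contains two findings: "category null" and "category security", the
# latter spread over two lines and mixed with a real file channel.
write_sample_conf() {
    cat > "$1" <<'EOF'
// Constructed sample named.conf logging block (not a real deployment)
logging {
    channel audit_log {
        file "/var/log/named/audit.log" versions 5 size 20m;
        severity info;
        print-time yes;
    };
    category default { audit_log; };
    category queries { audit_log; };
    # finding: audit records discarded
    category null { null; };
    category security { null;
                        audit_log; };
};
EOF
}

# Usage: sh check_null_channel.sh /etc/named.conf
if [ "$#" -eq 1 ]; then
    if stig_bind_9x_001017_compliant "$1"; then
        echo "No logging category is routed to the null channel."
    else
        echo "Finding: the following categories are routed to the null channel:"
        null_channel_categories "$1"
        exit 1
    fi
fi
```

Run it against the live file after the fix and again after restarting named; an empty result from `null_channel_categories` is the expected compliant state. Because the parser works on the joined text, a `category` statement split across lines (as `category security` is in the sample) is still caught.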
Additional Identifiers
Rule ID: SV-207540r879582_rule
Vulnerability ID: V-207540
Group Title: SRG-APP-000125-DNS-000012
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001348 | The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9 (2) | Audit Backup On Separate Physical Systems / Components |