Check: DNS0250
BIND DNS STIG: DNS0250 (in version v4 r1.2)
Title
A unique TSIG key is not generated and utilized for each type of transaction. (Cat III impact)
Discussion
To enable zone transfer (requests and responses) through authenticated messages, it is necessary to generate a key for every pair of name servers. The key also can be used for securing other transactions, such as dynamic updates, DNS queries, and responses.
Check Content
Verify in the named.conf file that the key statement has a unique file name and location depending on transaction type.
Fix Text
The SA will ensure a new TSIG key is generated and utilized for each type of transaction (zone transfer, dynamic updates, etc.).
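An added example, not part of the STIG: a rough automated version of this check that flags a TSIG key named in both allow-transfer and allow-update, and key statements that share one secret. The sample configuration, zone names and key names are constructed, and the parser assumes flat ACL clauses (no nested braces) in a configuration whose include files are already expanded.

```python
import re
from collections import defaultdict

# Constructed sample named.conf; names and secrets are placeholders.
SAMPLE_CONF = '''
key "xfer-ns1-ns2" { algorithm hmac-sha256; secret "PLACEHOLDER-A=="; };
key "ddns-dhcp" { algorithm hmac-sha256; secret "PLACEHOLDER-B=="; };
key "shared" { algorithm hmac-sha256; secret "PLACEHOLDER-A=="; }; // same secret
zone "example.test" { allow-transfer { key "xfer-ns1-ns2"; };
                      allow-update { key "ddns-dhcp"; }; };
zone "lab.example.test" { allow-transfer { key "shared"; };
                          allow-update { key "shared"; }; };
'''

_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    # Quoted strings match first, so "//" inside a base64 secret is preserved.
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def key_secrets(text):
    """Map key name -> secret for each `key NAME { ... };` statement."""
    out = {}
    for name, body in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', text):
        m = re.search(r'secret\s+"([^"]*)"', body)
        out[name] = m.group(1) if m else None
    return out

def key_uses(text):
    """Map key name -> set of transaction-type clauses that reference it."""
    uses = defaultdict(set)
    for clause, body in re.findall(r'\b(allow-transfer|allow-update)\s*\{([^}]*)\}', text):
        for name in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*;', body):
            uses[name].add(clause)
    return uses

def audit(conf):
    """Return sorted (finding, key names) tuples; an empty list means no reuse found."""
    text = strip_comments(conf)
    findings = [("key-reused-across-types", name)
                for name, kinds in key_uses(text).items() if len(kinds) > 1]
    by_secret = defaultdict(list)
    for name, secret in key_secrets(text).items():
        if secret:
            by_secret[secret].append(name)
    findings += [("secret-shared-by-keys", ",".join(sorted(names)))
                 for names in by_secret.values() if len(names) > 1]
    return sorted(findings)
```

To cover keys kept in include files, run `audit()` on the output of `named-checkconf -p`, which prints the configuration with included files expanded.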
Additional Identifiers
Rule ID: SV-12999r2_rule
Vulnerability ID: V-12440
Group Title:
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |