Check: DNS0125
DNS Policy: DNS0125
(in versions v4 r1.22 through v4 r1.2)
Title
A zone or name server does not have a backup administrator. (Cat II impact)
Discussion
If there is no backup DNS administrator, then there is nobody to assist during a security emergency when the primary administrator is unavailable. In some cases, a backup administrator can also detect problems introduced by the first administrator before these problems are allowed to propagate. Personnel redundancy is as important as technology redundancy for DNS availability.
Check Content
If the site POC cannot produce a list of backup personnel authorized to administer each zone and name server, then this is a finding. If any zone or name server has only one DNS database administrator or only one DNS software administrator, then this is a finding. If there is not a backup administrator for both roles, then this is a finding.
Fix Text
Working with appropriate resource managers, the IAO should identify a backup DNS administrator for each zone and name server under the IAO's scope of responsibility.
Additional Identifiers
Rule ID: SV-13886r1_rule
Vulnerability ID: V-13314
Group Title: Zone/name server does not have backup admin.
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.