Check: SRG-APP-000920-DNS-000320
Domain Name System (DNS) SRG:
SRG-APP-000920-DNS-000320
(in version v4 r1)
Title
The DNS server implementation must synchronize system clocks within and between systems or system components. (Cat II impact)
Discussion
Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day restrictions as part of access control. Denial of service or failure to deny expired credentials may result without properly synchronized clocks within and between systems and system components. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, such as clocks synchronizing within hundreds of milliseconds or tens of milliseconds. Organizations may define different time granularities for system components. Time service can be critical to other security capabilities such as access control and identification and authentications depending on the nature of the mechanisms used to support the capabilities.
Check Content
Verify the DNS server implementation is configured to synchronize system clocks within and between systems or system components. If the DNS server implementation is not configured to synchronize system clocks within and between systems or system components, this is a finding.
Fix Text
Configure the DNS server implementation to synchronize system clocks within and between systems or system components.
Additional Identifiers
Rule ID: SV-263645r982097_rule
Vulnerability ID: V-263645
Group Title: SRG-APP-000920
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-004922 |
Synchronize system clocks within and between systems or system components. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |