Check: IDNS-7X-001000
Infoblox 7.x DNS STIG: IDNS-7X-001000 (in versions v2 r1 through v1 r2)
Title
The DHCP service must not be enabled on an external authoritative name server. (Cat II impact)
Discussion
The site DNS and DHCP architecture must be reviewed to ensure only the appropriate services are enabled on each Grid Member. An external authoritative name server must be configured to allow only authoritative DNS.
Check Content
Navigate to Grid >> Grid Manager >> Services tab. Select "DHCP" and verify only internal Infoblox members have the service enabled. If an external authoritative name server has DHCP enabled, this is a finding.
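The same check can be run over exported member data rather than by eye in the GUI. The following is an added example, not part of the STIG or Infoblox's own code: it assumes records shaped like the WAPI `member:dhcpproperties` object (fields `host_name`, `enable_dhcp`, `enable_dhcpv6_service`, to be confirmed against the deployed WAPI version), a site-maintained list of external authoritative members, and constructed sample data. It goes slightly beyond the GUI check by reporting members whose DHCP state is missing as "not reviewed" instead of passing them.

```python
import json

# Constructed sample: shape assumed for a WAPI GET on member:dhcpproperties
# returning host_name, enable_dhcp and enable_dhcpv6_service.
SAMPLE_WAPI_RESPONSE = json.dumps([
    {"host_name": "ns-ext1.example.com", "enable_dhcp": True, "enable_dhcpv6_service": False},
    {"host_name": "NS-EXT2.example.com.", "enable_dhcp": False, "enable_dhcpv6_service": False},
    {"host_name": "dhcp-int1.example.com", "enable_dhcp": True, "enable_dhcpv6_service": True},
    {"host_name": "ns-ext3.example.com"},  # DHCP state absent from the export
])

# Site-specific assumption: members the DNS/DHCP architecture review
# designates as external authoritative name servers (hypothetical names).
EXTERNAL_AUTHORITATIVE = {
    "ns-ext1.example.com", "ns-ext2.example.com",
    "ns-ext3.example.com", "ns-ext4.example.com",
}

def _norm(name):
    """Compare host names case-insensitively and without a trailing dot."""
    return name.strip().rstrip(".").lower()

def audit_dhcp_on_external(members_json, external_members):
    """Return (findings, not_reviewed) for IDNS-7X-001000.

    findings:     external authoritative members with DHCP (v4 or v6) enabled.
    not_reviewed: external members with missing state or absent from the export.
    """
    external = {_norm(n) for n in external_members}
    findings, not_reviewed, seen = [], [], set()
    for rec in json.loads(members_json):
        host = _norm(rec.get("host_name", ""))
        if host not in external:
            continue  # internal members may legitimately run DHCP
        seen.add(host)
        v4, v6 = rec.get("enable_dhcp"), rec.get("enable_dhcpv6_service")
        if v4 is True or v6 is True:
            findings.append(host)
        elif v4 is None or v6 is None:
            not_reviewed.append(host)  # cannot attest compliance without data
    not_reviewed.extend(external - seen)
    return sorted(findings), sorted(not_reviewed)

if __name__ == "__main__":
    bad, unknown = audit_dhcp_on_external(SAMPLE_WAPI_RESPONSE, EXTERNAL_AUTHORITATIVE)
    print("FINDING (DHCP enabled):", bad)
    print("NOT REVIEWED (no data):", unknown)
```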
Fix Text
Navigate to Data Management >> DHCP >> Members/Servers tab. Select the Infoblox member using the check box and click "Stop" in the toolbar to disable the "DHCP" service.
Additional Identifiers
Rule ID: SV-214225r612370_rule
Vulnerability ID: V-214225
Group Title: SRG-APP-000142-DNS-000014
CCIs
Number | Definition |
---|---|
CCI-000382 | The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |