1.1.2 Utilize a Split-Horizon Architecture | |
1.1.3 Slave DNS servers | |
1.2 Validate Name Registration Security | |
1.3 Secure DNS service operating platform | |
1.4 Verify Security of Forwarding Partners | |
2.1.1 Secure Installation via ISC Source | SYSTEM AND INFORMATION INTEGRITY |
2.3.2 RedHat bind-chroot Rpm '/var/named/chroot/var/log' | |
3.2.1 Restrict Recursive Queries | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.2 Restrict Query Origins 'mynets' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.3 Restrict Access to Cache 'trusted, local IP network' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1 dnssec-keygen Algorithms 'HMAC-SHA256' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1 dnssec-keygen Algorithms 'IN KEY' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.2 Include TSIG key in named.conf 'TSIG key 1 permissions' | |
3.3.2 Include TSIG key in named.conf 'TSIG key 1' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.2 Include TSIG key in named.conf 'TSIG key 2 permissions' | |
3.3.2 Include TSIG key in named.conf 'TSIG key 2' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.4 Restrict Zone-Transfers 'allow-transfer' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.4 Restrict Zone-Transfers 'Zone Transfer Server 1' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.4 Restrict Zone-Transfers 'Zone Transfer Server 2' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.1 Using Update Policy 'grant' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.1 Using Update Policy 'keys' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.1 Using Update Policy 'type master' | CONFIGURATION MANAGEMENT |
3.5.1 Using Update Policy 'update-policy' | CONFIGURATION MANAGEMENT |
3.5.1 Using Update Policy 'zone' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.2 Enable GSS-TSIG 'algorithm' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.2 Enable GSS-TSIG 'key' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.2 Enable GSS-TSIG 'tkey-domain' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.2 Enable GSS-TSIG 'tkey-gssapi-credential' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.3 DHCID | CONFIGURATION MANAGEMENT |
3.6 Implement DNSSEC 'INCLUDE' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.8 Ignore erroneous or unwanted traffic 'Private RFC 1918 addresses' | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Ensure revision current | SYSTEM AND INFORMATION INTEGRITY |
4.4 Defend against Denial of Service Attacks | |
CIS DNS BIND 9.0 - 9.5 v2.0.0 | |