CIS ISC BIND 9.0/9.5 v2.0.0

Audit Details

Name: CIS ISC BIND 9.0/9.5 v2.0.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.29

Estimated Item Count: 34

File Details

Filename: CIS_BIND_9.0_9.5_v2.0.0.audit

Size: 82.6 kB

MD5: e837947bb4347e4abf4f5ceefcbccd36
SHA256: 5e651f23b051b36ea9d18f195d38e74c067f262e32f3fdb635dc032032a3b682

Audit Items

Description | Categories
1.1.2 Utilize a Split-Horizon Architecture |
1.1.3 Slave DNS servers |
1.2 Validate Name Registration Security |
1.3 Secure DNS service operating platform |
1.4 Verify Security of Forwarding Partners |
2.1.1 Secure Installation via ISC Source | SYSTEM AND INFORMATION INTEGRITY
2.3.2 RedHat bind-chroot Rpm '/var/named/chroot/var/log' |
3.2.1 Restrict Recursive Queries | SYSTEM AND COMMUNICATIONS PROTECTION
3.2.2 Restrict Query Origins 'mynets' | SYSTEM AND COMMUNICATIONS PROTECTION
3.2.3 Restrict Access to Cache 'trusted, local IP network' | SYSTEM AND COMMUNICATIONS PROTECTION
3.3.1 dnssec-keygen Algorithms 'HMAC-SHA256' | SYSTEM AND COMMUNICATIONS PROTECTION
3.3.1 dnssec-keygen Algorithms 'IN KEY' | SYSTEM AND COMMUNICATIONS PROTECTION
3.3.2 Include TSIG key in named.conf 'TSIG key 1 permissions' |
3.3.2 Include TSIG key in named.conf 'TSIG key 1' | SYSTEM AND COMMUNICATIONS PROTECTION
3.3.2 Include TSIG key in named.conf 'TSIG key 2 permissions' |
3.3.2 Include TSIG key in named.conf 'TSIG key 2' | SYSTEM AND COMMUNICATIONS PROTECTION
3.4 Restrict Zone-Transfers 'allow-transfer' | SYSTEM AND COMMUNICATIONS PROTECTION
3.4 Restrict Zone-Transfers 'Zone Transfer Server 1' | SYSTEM AND COMMUNICATIONS PROTECTION
3.4 Restrict Zone-Transfers 'Zone Transfer Server 2' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1 Using Update Policy 'grant' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1 Using Update Policy 'keys' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1 Using Update Policy 'type master' | CONFIGURATION MANAGEMENT
3.5.1 Using Update Policy 'update-policy' | CONFIGURATION MANAGEMENT
3.5.1 Using Update Policy 'zone' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2 Enable GSS-TSIG 'algorithm' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2 Enable GSS-TSIG 'key' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2 Enable GSS-TSIG 'tkey-domain' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2 Enable GSS-TSIG 'tkey-gssapi-credential' | SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3 DHCID | CONFIGURATION MANAGEMENT
3.6 Implement DNSSEC 'INCLUDE' | SYSTEM AND COMMUNICATIONS PROTECTION
3.8 Ignore erroneous or unwanted traffic 'Private RFC 1918 addresses' | SYSTEM AND COMMUNICATIONS PROTECTION
4.1 Ensure revision current | SYSTEM AND INFORMATION INTEGRITY
4.4 Defend against Denial of Service Attacks |
CIS DNS BIND 9.0 - 9.5 v2.0.0 |