CIS BIND DNS v1.0.0 L2 Authoritative Name Server

Audit Details

Name: CIS BIND DNS v1.0.0 L2 Authoritative Name Server

Updated: 4/12/2023

Authority: CIS

Plugin: Unix

Revision: 1.7

Estimated Item Count: 19

File Details

Filename: CIS_ISC_BIND_DNS_Server_9.11_Benchmark_v1.0.0_L2_Authoritative.audit

Size: 46.1 kB

MD5: 96029698ebe6146a04bd29d066d1ec18
SHA256: 1c729c496e8c384c25806d7dfdde7bf80f216d8f2bf4c53cbd8255fce833c37b

Audit Items

Description | Categories
2.9 Isolate BIND with chroot'ed Subdirectory

ACCESS CONTROL

5.1 Securely Authenticate Zone Transfers

IDENTIFICATION AND AUTHENTICATION

7.4 Ensure Either SPF or DKIM DNS Records are Configured

SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Install the Haveged Package for Enhanced Entropy
8.2 Ensure Signing Keys are Generated with a Secure Algorithm

SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Ensure Any Signing Keys using RSA Have a Length of 2048 or Greater

SYSTEM AND COMMUNICATIONS PROTECTION

8.4 Restrict Access to Zone and Key Signing Keys

ACCESS CONTROL

8.5 Ensure each Zone has a Valid Digital Signature

IDENTIFICATION AND AUTHENTICATION

8.6 Ensure Full Digital Chain of Trust can be Validated

SYSTEM AND COMMUNICATIONS PROTECTION

8.7 Ensure Signing Keys are Unique

SYSTEM AND COMMUNICATIONS PROTECTION

8.8 Ensure Zones are Signed with NSEC or NSEC3

SYSTEM AND INFORMATION INTEGRITY

9.6 Ensure Signing Keys are Scheduled to be Replaced Periodically - KSK

SYSTEM AND COMMUNICATIONS PROTECTION

9.6 Ensure Signing Keys are Scheduled to be Replaced Periodically - ZSK

SYSTEM AND COMMUNICATIONS PROTECTION

10.1 Ensure SELinux Is Enabled in Enforcing Mode - config file

ACCESS CONTROL

10.1 Ensure SELinux Is Enabled in Enforcing Mode - current mode

ACCESS CONTROL

10.2 Ensure BIND Processes Run in the named_t Confined Context Type

ACCESS CONTROL

10.3 Ensure the named_t Process Type is Not in Permissive Mode

ACCESS CONTROL

10.4 Ensure Only the Necessary SELinux Booleans are Enabled

SYSTEM AND INFORMATION INTEGRITY
