The BIND 9.x server implementation must not be configured with a channel to send audit records to null.

From BIND 9.x Security Technical Implementation Guide

Associated with: CCI-001348

SV-87003r1_rule The BIND 9.x server implementation must not be configured with a channel to send audit records to null.

Vulnerability discussion

DNS software administrators require DNS transaction logs for a wide variety of reasons including troubleshooting, intrusion detection, and forensics. Ensuring that the DNS transaction logs are recorded on the local system will provide the capability needed to support these actions. Sending DNS transaction data to the null channel would cause a loss of important data.

Check content

Verify that the BIND 9.x server is not configured to send audit logs to the null channel. Inspect the "named.conf" file for the following: category null { null; } If there is a category defined to send audit logs to the "null" channel, this is a finding.

Fix text

Edit the "named.conf" file. Remove any instance of the following: category null { null; }; Restart the BIND 9.x process.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.