From Infoblox 7.x DNS Security Technical Implementation Guide
Part of SRG-APP-000142-DNS-000014
Associated with: CCI-000382
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems.
Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.
By default, all services other than those required for management are disabled. Validate that no additional services have been enabled for DNS members.
Navigate to Grid >> Grid Manager >> Services tab and review each service and member status at the top of the panel.
Depending upon purchased options, Infoblox DNS members may be running DNS, Reporting, Threat Protection, Threat Analytics, and TAXII services; this is not a finding.
If any unnecessary services, such as file distribution services, are enabled on the DNS members, this is a finding.
Note: Once DNSSEC is enabled, the DNS service will be required to be running on the Grid Master.
Navigate to Grid >> Grid Manager >> Services tab. Select each available service at the top of the panel and review the Service Status. Click on the member and disable unnecessary services.