From Infoblox 7.x DNS Security Technical Implementation Guide
Part of SRG-APP-000516-DNS-000092
Associated with: CCI-000366
Instead of having the same set of authoritative name servers serve different types of clients, an enterprise could have two different sets of authoritative name servers.
Validation of this configuration item requires review of the network architecture and security configuration in addition to DNS server configuration to validate external name servers are not accessible from the internal network when a split DNS configuration is implemented. Navigate to Data Management >> DNS >> Members/Servers tab. Review both the network configuration, and access control of each Infoblox member which has the DNS service running. Select each grid member and click "Edit". Review the "Queries" tab to ensure both queries and recursion options are enabled and allowed only from the respective client networks. If a split DNS configuration is not utilized, this is not a finding. If there is no access control configured or access control does not restrict queries and recursion to the respective client network, this is a finding.
Navigate to Data Management >> DNS >> Members/Servers tab. Select each grid member and click "Edit". Enable and configure either an Access Control List (ACL) or Set of Access Control Entries (ACE). When complete, click "Save & Close" to save the changes and exit the "Properties" screen. Perform a service restart if necessary.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer