From Infoblox 7.x DNS Security Technical Implementation Guide
Part of SRG-APP-000516-DNS-000500
Associated with: CCI-000366
The Infoblox Grid Master is the central point of management within an Infoblox Grid. The Grid Master retains a full copy of the configuration used for the entire Grid. The Grid Master should communicate with Grid Members using their Management port, connected to an Out Of Band (OOB) network which clients cannot access.
Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.
Navigate to Grid >> Grid Manager >> Members tab. Review the Grid Master network configuration and verify placement on an OOB network. Review services enabled on the Grid Master and verify that no client services are enabled. The only acceptable service allowed is DNS when the Grid utilizes DNSSEC signed zones. The Grid Master must have DNS enabled to sign DNSSEC zones. If DNSSEC is enabled, verify that the Grid Master is marked as "Stealth" for any zone.
If an Infoblox Grid Member does not utilize the MGMT port for configuration through an OOB connection, this is a finding.
Navigate to Grid >> Grid Manager >> Members tab. Edit each member and configure the MGMT port on the Network tab and enable VPN over MGMT on the Advanced portion of the Network tab. Grid Masters and Grid Master candidates utilize the LAN1 port for communication and should not allow any direct client access.
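The check above expressed as an offline audit over an exported inventory. This is an added example, not part of the STIG or of Infoblox tooling: the inventory layout and every field name (`role`, `lan1_address`, `mgmt_enabled`, `vpn_on_mgmt`, `client_services`, `non_stealth_zones`) are hypothetical, and the sample data is constructed.

```python
import ipaddress

# Constructed sample inventory; field names are hypothetical, not Infoblox API names.
SAMPLE_GRID = [
    {"hostname": "gm.example.test", "role": "grid_master",
     "lan1_address": "192.0.2.10", "client_services": ["dns", "dhcp"],
     "non_stealth_zones": ["example.test"]},
    {"hostname": "ns1.example.test", "role": "member",
     "mgmt_enabled": True, "vpn_on_mgmt": True},
    {"hostname": "ns2.example.test", "role": "member",
     "mgmt_enabled": True, "vpn_on_mgmt": False},
    {"hostname": "ns3.example.test", "role": "member",
     "mgmt_enabled": False, "vpn_on_mgmt": False},
]

def audit_grid(members, oob_networks, dnssec_enabled, classified=False):
    """Return sorted (hostname, reason) findings for the check text."""
    if classified:  # the requirement is Not Applicable on a classified network
        return []
    oob = [ipaddress.ip_network(n) for n in oob_networks]
    findings = []
    for m in members:
        name = m["hostname"]
        if m["role"] == "member":
            # Members must be configured through MGMT, with VPN over MGMT enabled.
            if not m["mgmt_enabled"]:
                findings.append((name, "MGMT port not configured"))
            elif not m["vpn_on_mgmt"]:
                findings.append((name, "VPN over MGMT not enabled"))
            continue
        # Grid Master: OOB placement, no client services, stealth when signing.
        addr = ipaddress.ip_address(m["lan1_address"])
        if not any(addr in net for net in oob):
            findings.append((name, "not placed on an OOB network"))
        # DNS is the only acceptable service, and only when DNSSEC is in use.
        allowed = {"dns"} if dnssec_enabled else set()
        extra = sorted(set(m["client_services"]) - allowed)
        if extra:
            findings.append((name, "client services enabled: " + ", ".join(extra)))
        if dnssec_enabled and m["non_stealth_zones"]:
            zones = ", ".join(sorted(m["non_stealth_zones"]))
            findings.append((name, "not stealth for: " + zones))
    return sorted(findings)

if __name__ == "__main__":
    for host, reason in audit_grid(SAMPLE_GRID, ["192.0.2.0/24"], dnssec_enabled=True):
        print(f"FINDING {host}: {reason}")
```

The OOB network list is supplied by the reviewer, since only the site knows which subnets are unreachable by clients.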