The network element must have DNS servers defined if it is configured as a client resolver.

From Perimeter Router Security Technical Implementation Guide Juniper

Part of DNS servers must be defined for client resolver.

SV-15331r2_rule The network element must have DNS servers defined if it is configured as a client resolver.

Vulnerability discussion

The susceptibility of IP addresses to spoofing translates to DNS host name and IP address mapping vulnerabilities. For example, suppose a source host wishes to establish a connection with a destination host and queries a DNS server for the IP address of the destination host name. If the response to this query is the IP address of a host operated by an attacker, the source host will establish a connection with the attackers host, rather than the intended target. The user on the source host might then provide logon, authentication, and other sensitive data.

Check content

Review the active configuration to ensure that DNS servers have been defined similar to the following example: [edit system] name server { 192.168.1.253; 192.168.1.254; } Note: Since JUNOS will not send a DNS query to resolve names to IP addresses if a name server is not defined, this will never be a finding.

Fix text

Configure the device to include DNS servers or disable domain lookup.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer