From Domain Name System (DNS) Security Requirements Guide
Part of SRG-APP-000425-DNS-000058
Associated with: CCI-002467
If data origin authentication and data integrity verification are not performed, the resultant response could be forged, it may have come from a poisoned cache, the packets could have been intercepted without the resolver's knowledge, or resource records could have been removed that would result in query failure or denial of service. Data integrity verification must be performed to thwart these types of attacks.
Review the DNS server implementation configuration to determine if the DNS server performs data integrity verification on the name/address resolution responses the system receives from authoritative sources. If the DNS server does not perform data integrity verification on the responses, this is a finding.
Configure the DNS server to perform data integrity verification on the name/address resolution responses the system receives from authoritative sources.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer