Domain Name System (DNS) Security Requirements Guide
The DNS implementation must protect the authenticity of communications sessions for dynamic updates.
Description
DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the-middle attacks. If communication sessions are not provided with appropriate validity protections, such as the employment of DNSSEC, the authenticity of the data cannot be guaranteed.
Check
C-5450r392462_chk
Review the DNS server configuration to determine if communication sessions for dynamic updates are provided authenticity protection. If communications sessions do not employ authenticity protections, this is a finding.
Fix
F-5450r392463_fix
Configure the DNS server to employ mechanisms to protect the authenticity of communications sessions for dynamic updates.
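One way to carry out the Check above on a single implementation, as an added example that is not part of this requirements guide: it assumes the server is BIND 9 and that key-based (TSIG) authorization of updates is the authenticity mechanism in use. The configuration text is constructed, and the function names `zone_bodies` and `audit_dynamic_updates` are hypothetical.

```python
import re

# Constructed sample in BIND 9 named.conf syntax (not taken from any real server).
SAMPLE_CONF = '''
key "ddns-key" { algorithm hmac-sha256; secret "Q09OU1RSVUNURUQ="; };
zone "signed.example" { type master; file "signed.db";
    allow-update { key "ddns-key"; }; };
zone "byaddr.example" { type master; file "byaddr.db";
    allow-update { 192.0.2.10; };      // source address only
};
zone "mixed.example" { type master; file "mixed.db";
    allow-update { key "ddns-key"; 192.0.2.0/24; }; };
zone "policy.example" { type master; file "policy.db";
    update-policy { grant ddns-key zonesub ANY; }; };
zone "static.example" { type master; file "static.db";
    allow-update { none; }; };
'''

def zone_bodies(conf):
    """Yield (zone_name, body) using brace matching on comment-stripped text."""
    conf = re.sub(r'(//|#)[^\n]*', '', conf)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_dynamic_updates(conf):
    """Map each zone to 'finding', 'authenticated' or 'no-dynamic-update'."""
    results = {}
    for name, body in zone_bodies(conf):
        acl = re.search(r'\ballow-update\s*\{([^{}]*)\}', body)
        items = [e.strip() for e in acl.group(1).split(';')] if acl else []
        items = [e for e in items if e and e != 'none']
        if any(not e.startswith('key ') for e in items):
            # An address, "any" or named ACL admits updates without a key.
            results[name] = 'finding'
        elif items or re.search(r'\bupdate-policy\b', body):
            results[name] = 'authenticated'
        else:
            results[name] = 'no-dynamic-update'
    return results

if __name__ == '__main__':
    for zone, status in audit_dynamic_updates(SAMPLE_CONF).items():
        print(f'{zone:18} {status}')
```

Named ACLs and negated elements are reported as findings by design, so each of those zones needs a manual look at what the list actually permits.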