CIS BIND DNS v1.0.0 L2 Authoritative Name Server

Audit Details

Name: CIS BIND DNS v1.0.0 L2 Authoritative Name Server

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.8

Estimated Item Count: 19

File Details

Filename: CIS_ISC_BIND_DNS_Server_9.11_Benchmark_v1.0.0_L2_Authoritative.audit

Size: 46.1 kB

MD5: baac79f6c0c9de6f35036dff1538ac36
SHA256: 8f038404a75db1cb6c2802cc227731a6ed4f403e894d12c079d4a755db875f40

Audit Items

Description | Categories
2.9 Isolate BIND with chroot'ed Subdirectory | ACCESS CONTROL
5.1 Securely Authenticate Zone Transfers | IDENTIFICATION AND AUTHENTICATION
7.4 Ensure Either SPF or DKIM DNS Records are Configured | SYSTEM AND COMMUNICATIONS PROTECTION
8.1 Install the Haveged Package for Enhanced Entropy |
8.2 Ensure Signing Keys are Generated with a Secure Algorithm | SYSTEM AND COMMUNICATIONS PROTECTION
8.3 Ensure Any Signing Keys using RSA Have a Length of 2048 or Greater | SYSTEM AND COMMUNICATIONS PROTECTION
8.4 Restrict Access to Zone and Key Signing Keys | ACCESS CONTROL
8.5 Ensure each Zone has a Valid Digital Signature | IDENTIFICATION AND AUTHENTICATION
8.6 Ensure Full Digital Chain of Trust can be Validated | SYSTEM AND COMMUNICATIONS PROTECTION
8.7 Ensure Signing Keys are Unique | SYSTEM AND COMMUNICATIONS PROTECTION
8.8 Ensure Zones are Signed with NSEC or NSEC3 | SYSTEM AND INFORMATION INTEGRITY
9.6 Ensure Signing Keys are Scheduled to be Replaced Periodically - KSK | SYSTEM AND COMMUNICATIONS PROTECTION
9.6 Ensure Signing Keys are Scheduled to be Replaced Periodically - ZSK | SYSTEM AND COMMUNICATIONS PROTECTION
10.1 Ensure SELinux Is Enabled in Enforcing Mode - config file | ACCESS CONTROL
10.1 Ensure SELinux Is Enabled in Enforcing Mode - current mode | ACCESS CONTROL
10.2 Ensure BIND Processes Run in the named_t Confined Context Type | ACCESS CONTROL
10.3 Ensure the named_t Process Type is Not in Permissive Mode | ACCESS CONTROL
10.4 Ensure Only the Necessary SELinux Booleans are Enabled | SYSTEM AND INFORMATION INTEGRITY
