3.1 Ensure DNS services are configured correctly

Information

Sets the DNS server(s) that the appliance uses to perform DNS queries.

Rationale:

The security appliance may perform DNS queries in order to achieve URL filtering or threat protection against Botnet traffic.

Solution

Step 1: Run the following to enable the DNS lookup

hostname(config)# dns domain-lookup <interface_name>

<interface_name> is the name of the interface connected to the DNS server

Step 2: Configure the group of DNS servers

hostname(config)# dns server-group DefaultDNS

Step 3: Obtain the IP addresses of the enterprise-authorized DNS servers (<dns_ip_address>) and, for each of them, run the following command to add the DNS server to the DNS server group

hostname(config-dns-server-group)# name-server <dns_ip_address>
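
The following is an added example, not part of the benchmark or the audit plugin: a Python check that parses ASA running-config text and verifies the result of the three steps above (lookup enabled, and every name-server in DefaultDNS on the authorized list). The sample configuration, the IP addresses and the function name audit_dns are constructed for illustration; treating a non-IP token on a name-server line as an interface name is an assumption.

```python
import ipaddress

# Constructed sample of running-config DNS lines (not taken from a real device).
SAMPLE_CONFIG = """\
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 10.10.1.53
 name-server 192.0.2.8
 domain-name corp.example
dns server-group Other
 name-server 203.0.113.9
"""

def audit_dns(config, authorized, group="DefaultDNS"):
    """Return a list of findings; an empty list means the check passes."""
    allowed = {ipaddress.ip_address(a) for a in authorized}
    lookup_ifaces, servers, current = [], [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue                          # blank line or config comment
        if not raw[0].isspace():              # a top-level command ends any sub-mode
            current = None
            if words[:2] == ["dns", "domain-lookup"] and len(words) > 2:
                lookup_ifaces.append(words[2])
            elif words[:2] == ["dns", "server-group"] and len(words) > 2:
                current = words[2]
        elif current == group and words[0] == "name-server":
            for tok in words[1:]:
                try:
                    servers.append(ipaddress.ip_address(tok))
                except ValueError:
                    pass                      # assumption: trailing interface name
    findings = []
    if not lookup_ifaces:
        findings.append("dns domain-lookup is not enabled on any interface")
    if not servers:
        findings.append(f"no name-server configured in server-group {group}")
    for ip in servers:
        if ip not in allowed:
            findings.append(f"unauthorized name-server {ip} in server-group {group}")
    return findings

if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_CONFIG, ["10.10.1.53"]):
        print("FAIL:", finding)
```
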

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6, 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, 800-53|SC-23, CSCv7|11.1

Plugin: Cisco

Control ID: 77c0c82caba7592c4b29a71ac2b2d03bd678cac0bdfcee3bec2ac2ca442f3f51