9.4 Disable the HTTP Statistics Server

Information

Starting in BIND 9.5.0 there was a new statistics web server included, that is a useful debugging tool in a non-production environment. The HTTP server provides data in XML format about the condition of a BIND 9 server. The statistics server provides the same statistics that are available to the statistics-file dump. This server should be left disabled.

Rationale:

A production name server should not have additional, unnecessary services running, as the additional services increases the risk of vulnerabilities.

Solution

Remove the statistics-channel option from the configuration file.

Default Value:

The HTTP server is disabled by default.

See Also

https://workbench.cisecurity.org/files/2997

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv6|9.1, CSCv7|9.2

Plugin: Unix

Control ID: fcead62aaa7a8028a34aa782d2b944e3686bc6e1b285e4088fd597d9963c9e71