NET0820 - The network element must have DNS servers defined if it is configured as a client resolver - DNS Server 2

Information

The susceptibility of IP addresses to spoofing translates to DNS host name and IP address mapping vulnerabilities. For example, suppose a source host wishes to establish a connection with a destination host and queries a DNS server for the IP address of the destination host name. If the response to this query is the IP address of a host operated by an attacker, the source host will establish a connection with the attackers host, rather than the intended target. The user on the source host might then provide logon, authentication, and other sensitive data.

Solution

Configure the device to include DNS servers or disable domain lookup.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Infrastructure_Router_L3_Switch_V8R27_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-21, CAT|III, Rule-ID|SV-15331r2_rule, STIG-ID|NET0820, Vuln-ID|V-3020

Plugin: Juniper

Control ID: e274e9df05d8fbad56bd2c523eb29485c59583fd4bb173537ddc89df02950979