| 1.1 Ensure DNS server is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Ensure DNS is servers are configured - nameserver 1 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Ensure DNS is servers are configured - nameserver 2 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Ensure hostname is set | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Ensure DNS server is configured - primary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ensure DNS services are configured correctly - name-server | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.16 [LEGACY] Ensure That Microsoft Defender for DNS Is Set To 'On' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Restrict Recursive Queries - Authoritative Name Server | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Restrict Queries of the Cache - Authoritative Only | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 CIFS - 'dns.domainname has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 CIFS - 'dns.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 CIFS - 'dns.update.enable = on or secure' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.4 The default namespace should not be used | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure Root Domain Alias Record Points to ELB | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure a DNS alias record for the root domain | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure Either SPF or DKIM DNS Records are Configured | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure Any Signing Keys using RSA Have a Length of 2048 or Greater | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Ensure a trusted, primary DNS server is set | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Ensure a trusted, secondary DNS server is set | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS Profile - Address - DNS Server 1 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS Profile - Address - DNS Server 2 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS: A trusted primary DNS server is configured | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS: A trusted secondary DNS server is configured | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure DNS services are configured correctly - name-server | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure DNS services are configured correctly - name-server | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - The appliance uses a trusted DNS server | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - DNS - primary server | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - DNS - secondary server | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Review the DNS Server Settings | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DNS Servers | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000003 - The Windows 2012 DNS Servers IP address must be statically defined and configured locally on the server. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000004 - The Windows 2012 DNS Server must return data information in responses to internal name/address resolution queries. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000005 - The Windows 2012 DNS Server must use DNSSEC data within queries to confirm data origin to DNS resolvers. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
