| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 6DFE955F064B250F5DB20A0A73767541A3B1FBEC ~~~~~ All Active Directory-Integrated Forward Lookup Zones have Dynamic Updates configured to 'Secure Only'. Comments |
|||||
Check Text
Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Once selected, right-click the name of the zone. From the displayed context menu, click the "Properties" option. On the opened domain's properties box, click the "General" tab. Verify the "Type:" is "Active Directory-Integrated". Verify "Dynamic updates" has "Secure only" selected. If the zone is "Active Directory-Integrated" and "Dynamic updates" are not configured for "Secure only", this is a finding.
Fix Text
Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Once selected, right-click the name of the zone. From the displayed context menu, click the "Properties" option. On the opened domain's properties box, click the "General" tab. If the "Type:" is not "Active Directory-Integrated", configure the zone for Active Directory integration. Select "Secure only" from the "Dynamic updates:" drop-down list.