| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-259334 | CAT II | MONT-DC-003 | Microsoft Windows Server Domain Name Sys... | The Windows DNS Server must restrict incoming dyna... | - | |||
Check TextLog on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Once selected, right-click the name of the zone. From the displayed context menu, click the "Properties" option. On the opened domain's properties box, click the "General" tab. Verify the "Type:" is "Active Directory-Integrated". Verify "Dynamic updates" has "Secure only" selected. If the zone is "Active Directory-Integrated" and "Dynamic updates" are not configured for "Secure only", this is a finding. Fix TextLog on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Once selected, right-click the name of the zone. From the displayed context menu, click the "Properties" option. On the opened domain's properties box, click the "General" tab. If the "Type:" is not "Active Directory-Integrated", configure the zone for Active Directory integration. Select "Secure only" from the "Dynamic updates:" drop-down list. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 6DFE955F064B250F5DB20A0A73767541A3B1FBEC ~~~~~ All Active Directory-Integrated Forward Lookup Zones have Dynamic Updates configured to 'Secure Only'.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl
Scan Date: 2026-01-14T12:57:38.179760
Technology Area: Domain Name System
|
||||||||