| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: EBD1CBF9C835BB34171A1BE7AD4ED430C4F56B9D ~~~~~ All Forward Lookup Zones hosted on this server are Active Directory-integrated so this requirement is NA. Comments |
|||||
Check Text
Note: This check is not applicable for Windows DNS Servers that host only Active Directory-integrated zones or Windows DNS Servers on a classified network. Log on to the DNS server using the account designated as Administrator or DNS Administrator. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Right-click the zone and select DNSSEC >> Properties. Select the "KSK" tab. Verify the "DNSKEY signature validity period (hours):" is set to at least 48 hours and no more than 168 hours. Select the "ZSK" tab. Verify the "DNSKEY signature validity period (hours):" is set to at least 48 hours and no more than 168 hours. If either the "KSK" or "ZSK" tab "DNSKEY signature validity period (hours):" values are set to less than 48 hours or more than 168 hours, this is a finding.
Fix Text
Log on to the DNS server using the account designated as Administrator or DNS Administrator. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Right-click the zone and select DNSSEC >> Properties. Select the "KSK" tab. For the "DNSKEY RRSET signature validity period (hours):" setting, configure to a value between 48 and 168 hours. Select the "ZSK" tab. For the "DNSKEY signature validity period (hours):" setting, configure to a value between 48 and 168 hours.