| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-259383 | CAT II | MONT-DC-003 | Microsoft Windows Server Domain Name Sys... | Trust anchors must be exported from authoritative ... | - | |||
Check TextNote: This check is not applicable for Windows DNS Servers that host only Active Directory-integrated zones or for Windows DNS Servers on a classified network. Log onto each of the validating Windows DNS Servers. In the DNS Manager console tree, navigate to each hosted zone under the "Trust Points" folder. Two DNSKEY trust points should be displayed, one for the active key and one for the standby key. If each validating Windows DNS Server does not reflect the DNSKEY trust points for each of the hosted zone(s), this is a finding. Fix TextLog onto the primary DNS server and click Windows Explorer on the taskbar. Navigate to C:\Windows\System32, right-click the DNS folder, point to "Share with", and then click "Advanced sharing". In the "DNS Properties" dialog box, click "Advanced Sharing", select the "Share this folder" check box, verify the Share name is "DNS", and then click "OK". Click "Close" and then close Windows Explorer. Log on to each of the validating Windows DNS Servers. In the DNS Manager console tree, navigate to the "Trust Points" folder. Right-click "Trust Points", point to "Import", and then click "DNSKEY". In the "Import DNSKEY" dialog box, type \\primaryhost\dns\keyset-domain.mil (where primaryhost represent the FQDN of the Primary DNS Server and domain.mil represents the zone or zones). Click "OK". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: A14A79735BD283F3F019111E748C74455976803D ~~~~~ All zones hosted on this server are Active Directory-integrated so this requirement is NA.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl
Scan Date: 2026-01-14T12:57:38.179760
Technology Area: Domain Name System
|
||||||||