| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-259410 | CAT II | MONT-DC-003 | Microsoft Windows Server Domain Name Sys... | A unique Transaction Signature (TSIG) key must be ... | - | |||
Check TextThis check is not applicable for Windows DNS Servers that only host Active Directory-integrated zones or for Windows DNS servers on a classified network. Review the DNS implementation. Verify that each pair of communicating hosts has a unique TSIG key (i.e., a separate key for each secondary name server to authenticate transactions with the primary name server, etc.). If a unique TSIG key has not been generated for each pair of communicating hosts, this is a finding. If using DNSSEC, this requirement is not applicable. Fix TextRegenerate a unique TSIG key for each pair of communicating hosts within the DNS architecture. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: A14A79735BD283F3F019111E748C74455976803D ~~~~~ All zones hosted on this server are Active Directory-integrated so this requirement is NA.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl
Scan Date: 2026-01-14T12:57:38.179760
Technology Area: Domain Name System
|
||||||||