V-259340
CAT IIThe Windows DNS name servers for a zone must be geographically dispersed.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 0
Check Text
Windows DNS Servers that are Active Directory (AD) integrated must be located where required to meet the AD services.
If all the Windows DNS Servers are AD integrated, this check is not applicable.
If any or all the Windows DNS Servers are standalone and non-AD integrated, verify their geographic location with the system administrator.
If any or all of the authoritative name servers are located in the same building as the primary authoritative name server and the primary authoritative name server is not "hidden", this is a finding.
Fix Text
For non-AD integrated Windows DNS Servers, distribute secondary authoritative servers to be in different buildings from the primary authoritative server.
STIG Reference
- STIG
- Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
- Version
- 2
- Release
- 4
- Rule ID
- SV-259340r1156964_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl | Unassigned | 2026-01-14T12:57:38.179760 | View in Context |