Vulnerability V-259342

Note: If the Windows DNS Server is in the classified network, this check is not applicable. If forwarders are not being used, this is not applicable. Note: In Windows DNS Server, if forwarders are configured, the recursion setting must also be enabled because disabling recursion will disable forwarders. If forwarders are not used, recursion must be disabled. In both cases, the use of root hints must be disabled. Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, right-click on the server name for the DNS server and select "Properties". Click the "Forwarders" tab. Review the IP address(es) for the forwarder(s) use. If the DNS server does not forward to another DOD-managed DNS server or to the DOD ERS, this is a finding. If "Use root hints if no forwarders are available" is selected, this is a finding.

Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, right-click on the server name for the DNS server and select "Properties". Click the "Forwarders" tab. Replace the forwarders being used with another DOD-managed DNS server or the DOD ERS. Deselect "Use root hints if no forwarders are available".