Vulnerability V-259347

Note: This check is not applicable if Windows DNS Server is only serving as a caching server and does not host any zones authoritatively. Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Review the NS records for the zone. Verify each of the name servers, represented by the NS records, is active. At a command prompt on any system, type: nslookup <enter>; At the nslookup prompt, type: server ###.###.###.### <enter>; (where the ###.###.###.### is replaced by the IP of each NS record) Enter a FQDN for a known host record in the zone. If the NS server does not respond at all or responds with a nonauthoritative answer, this is a finding.

If DNS servers are Active Directory (AD) integrated, troubleshoot and remedy the replication problem where the nonresponsive name server is not being updated. If DNS servers are not AD integrated, log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server, and then expand "Forward Lookup Zones". From the expanded list, click to select the zone. Review the NS records for the zone. Select the NS record for the nonresponsive name server and remove the record.