V-259348
CAT IIAll authoritative name servers for a zone must be located on different network segments.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 0
Check Text
Windows DNS Servers that are Active Directory (AD) integrated must be located where required to meet the Active Directory services.
If all of the Windows DNS Servers are AD integrated, this check is not applicable.
If any or all the Windows DNS Servers are standalone and non-AD integrated, verify their geographic location with the system administrator.
If all of the authoritative name servers are located on the same network segment and the primary authoritative name server is not "hidden", this is a finding.
Fix Text
For non-AD-integrated Windows DNS Servers, distribute secondary authoritative servers on separate network segments from the primary authoritative server.
STIG Reference
- STIG
- Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
- Version
- 2
- Release
- 4
- Rule ID
- SV-259348r1156953_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl | Unassigned | 2026-01-14T12:57:38.179760 | View in Context |