V-259352
CAT IIFor zones split between the external and internal sides of a network, the resource records (RRs) for the external hosts must be separate from the RRs for the internal hosts.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 1
Check Text
Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account.
Press the Windows key + R and execute "dnsmgmt.msc".
On the opened DNS Manager snap-in from the left pane, expand the server name for the DNS server and then expand "Forward Lookup Zones".
From the expanded list, click to select the zone.
For each zone, review the records.
If any RRs on an internal DNS server resolve to IP addresses located outside the internal DNS server's network, this is a finding.
If any RRs on an external DNS server resolve to IP addresses located inside the network, this is a finding.
Fix Text
Remove any RRs from the internal zones for which the resolution is for an external IP address.
Remove any RRs from the external zones for which the resolution is for an internal IP address.
STIG Reference
- STIG
- Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
- Version
- 2
- Release
- 4
- Rule ID
- SV-259352r961863_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl | Unassigned | 2026-01-14T12:57:38.179760 | View in Context |