CUI

Vulnerability V-259383

CAT II

Trust anchors must be exported from authoritative Windows DNS Servers and distributed to validating Windows DNS Servers.

Ships Affected: 1
Total Findings: 1
Open: 0
Closed: 0

Check Text

Note: This check is not applicable for Windows DNS Servers that host only Active Directory-integrated zones or for Windows DNS Servers on a classified network.

Log on to each of the validating Windows DNS Servers. In the DNS Manager console tree, navigate to each hosted zone under the "Trust Points" folder. Two DNSKEY trust points should be displayed, one for the active key and one for the standby key.

If each validating Windows DNS Server does not reflect the DNSKEY trust points for each of the hosted zone(s), this is a finding.
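The same check can be scripted across several validating servers. The following PowerShell is an added example, not part of the STIG text; it uses the `Get-DnsServerTrustAnchor` cmdlet from the DnsServer module, and the server names and zone name are constructed placeholders.

```powershell
#Requires -Modules DnsServer
# Constructed placeholders: substitute the site's validating servers and signed zones.
$ValidatingServers = @('dns-val-01.domain.mil', 'dns-val-02.domain.mil')
$SignedZones       = @('domain.mil')

function Test-ZoneTrustPoints {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $ZoneName
    )
    $queryError = $null
    try {
        # The check text asks for DNSKEY trust points, so other anchor types are not counted.
        $anchors = @(Get-DnsServerTrustAnchor -Name $ZoneName -ComputerName $ComputerName -ErrorAction Stop |
            Where-Object { $_.TrustAnchorType -eq 'DNSKEY' })
    } catch {
        # An unreachable server or a missing trust point both land here;
        # QueryError keeps the reason so the reviewer can tell them apart.
        $anchors    = @()
        $queryError = $_.Exception.Message
    }
    [pscustomobject]@{
        Server      = $ComputerName
        Zone        = $ZoneName
        DnsKeyCount = $anchors.Count
        States      = ($anchors | ForEach-Object { $_.TrustAnchorState }) -join ','
        # Fewer than two DNSKEY trust points (active and standby) is a finding.
        Finding     = ($anchors.Count -lt 2)
        QueryError  = $queryError
    }
}

$results = foreach ($server in $ValidatingServers) {
    foreach ($zone in $SignedZones) {
        Test-ZoneTrustPoints -ComputerName $server -ZoneName $zone
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Finding }) {
    Write-Warning 'One or more validating servers lack two DNSKEY trust points for a hosted zone.'
}
```

Rows with a non-empty QueryError need manual follow-up in DNS Manager before the finding is recorded, since the count of zero may reflect a connectivity or permission problem rather than a missing trust point.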

Fix Text

Log on to the primary DNS server and click Windows Explorer on the taskbar. Navigate to C:\Windows\System32, right-click the DNS folder, point to "Share with", and then click "Advanced sharing". In the "DNS Properties" dialog box, click "Advanced Sharing", select the "Share this folder" check box, verify the Share name is "DNS", and then click "OK". Click "Close" and then close Windows Explorer.

Log on to each of the validating Windows DNS Servers. In the DNS Manager console tree, navigate to the "Trust Points" folder. Right-click "Trust Points", point to "Import", and then click "DNSKEY". In the "Import DNSKEY" dialog box, type \\primaryhost\dns\keyset-domain.mil (where primaryhost represents the FQDN of the Primary DNS Server and domain.mil represents the zone or zones). Click "OK".

STIG Reference

STIG: Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
Version: 2
Release: 4
Rule ID: SV-259383r961107_rule

All Occurrences

This vulnerability appears on 1 ship(s)

Ship: USNS MONTFORD POINT
Hull #: T-ESD-1
Source File: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl
Status:
Assigned To: Unassigned
Scan Date: 2026-01-14T12:57:38.179760