
V-275937

CAT II (Medium)

The BIND 9.x server implementation must have fetches-per-server enabled.

Rule ID

SV-275937r1156959_rule

STIG

BIND 9.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

The fetches-per-server option in BIND 9.x configures a limit on the number of outstanding requests (fetches) allowed for a single DNS server. This rate-limiting mechanism helps protect the BIND 9.x server from being overwhelmed by excessive requests to a specific server, particularly when that server is slow or unresponsive.

Check Content

Verify fetches-per-server is enabled with an organization-defined number. 

Inspect the named.conf file for the following:

options {
    fetches-per-server <integer> drop;
};

If fetches-per-server is not enabled and set to drop, this is a finding.
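
The check above can be scripted. The following is an added example, not part of the STIG or of BIND: it parses named.conf text, ignores comments, and reports a finding unless the options block sets a non-zero fetches-per-server with drop. The function names and sample configuration are constructed for illustration. It assumes include files are not followed, view-level settings are not considered, and that BIND treats an omitted action as fail and a limit of 0 as disabled.

```python
import re

# Quoted strings are matched first so comment markers inside them are kept.
_STRIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{};]|[^\s{};"]+')

def options_statements(conf_text):
    """Return the top-level statements of the options block as token lists."""
    text = _STRIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf_text)
    statements, top, current, depth = [], [], [], 0
    for tok in _TOKEN.findall(text):
        if depth == 0:                      # outside any block: track the block name
            if tok == "{":
                depth = 1
            else:
                top = [] if tok == ";" else top + [tok]
            continue
        depth += (tok == "{") - (tok == "}")
        if depth == 1 and tok == ";":       # end of a statement directly in the block
            if top == ["options"]:
                statements.append(current)
            current = []
        elif depth >= 1:
            current.append(tok)
    return statements

def check_fetches_per_server(conf_text):
    """Return (is_finding, reason) following the Check Content wording."""
    for stmt in options_statements(conf_text):
        if stmt[:1] == ["fetches-per-server"]:
            limit = stmt[1] if len(stmt) > 1 else ""
            action = stmt[2] if len(stmt) > 2 else "fail"  # assumed BIND default
            if not limit.isdigit() or int(limit) == 0:
                return True, "limit is 0 or missing, so the option is disabled"
            if action != "drop":
                return True, f"action is {action}, not drop"
            return False, f"fetches-per-server {limit} drop"
    return True, "fetches-per-server is not set in options"

# Constructed sample: the only "drop" setting is commented out; the live one uses fail.
SAMPLE = """
options {
    directory "/var/named";   // fetches-per-server 200 drop;
    allow-query { any; };
    fetches-per-server 200 fail;
};
"""

print(check_fetches_per_server(SAMPLE))
```

A plain text search for "fetches-per-server" and "drop" would pass this sample because of the commented-out line, which is why the comments are stripped before the check.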

Fix Text

Modify the BIND configuration file (/etc/named.conf).

Add the fetches-per-server option to the "options" section of the configuration file.

fetches-per-server <integer> drop;

After making changes, reload or restart BIND to apply the new settings.