Rule ID
SV-281362r1167236_rule
Version
V1R1
To ensure that DNS resolver settings are respected, a DNS mode in Network Manager must be configured. The following are common DNS values in "NetworkManager.conf [main]": - default: NetworkManager will update "/etc/resolv.conf" to reflect the nameservers provided by currently active connections. - none: NetworkManager will not modify "/etc/resolv.conf". Used when DNS is managed manually or by another service. - systemd-resolved: Uses "systemd-resolved" to manage DNS. - dnsmasq: Enables the internal "dnsmasq" plugin. Satisfies: SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00091
Verify RHEL 10 has a DNS mode configured in Network Manager. $ NetworkManager --print-config [main] dns=none If the dns key under "main" does not exist or is set to "dnsmasq", this is a finding. Note: If RHEL 10 is configured to use a DNS resolver other than Network Manager, the configuration must be documented and approved by the information system security officer.
Configure RHEL 10 to use a DNS mode in Network Manager. In "/etc/NetworkManager/NetworkManager.conf", add the following line in the "[main]" section: dns = none Where <dns processing mode> is default, none, or systemd-resolved. Network Manager must be reloaded for the change to take effect: $ sudo systemctl reload NetworkManager