STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to BIND 9.x Security Technical Implementation Guide

V-272406

CAT II (Medium)

The platform on which the name server software is hosted must only run processes and services needed to support the BIND 9.x implementation.

Rule ID

SV-272406r1156959_rule

STIG

BIND 9.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

Hosts that run the name server software must not provide any other services. Unnecessary services running on the DNS server can introduce additional attack vectors, leading to the compromise of an organization's DNS architecture.

Check Content

Verify that the BIND 9.x server is dedicated for DNS traffic.

With the assistance of the DNS administrator, identify all of the processes running on the BIND 9.x server:

# ps -ef | less

If any of the identified processes are not in support of normal OS functionality or in support of the BIND 9.x process, this is a finding.

Fix Text

Disable or uninstall all non-DNS related applications from the BIND 9.x server.