STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to BIND 9.x Security Technical Implementation Guide

V-272431

CAT II (Medium)

The BIND 9.x server implementation must be configured with a channel to send audit records to a local file.

Rule ID

SV-272431r1123606_rule

STIG

BIND 9.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-001348

Discussion

DNS software administrators require DNS transaction logs for a wide variety of reasons including troubleshooting, intrusion detection, and forensics. Ensuring that the DNS transaction logs are recorded on the local system will provide the capability needed to support these actions.

Check Content

Verify that the BIND 9.x server is configured to send audit logs to a local log file.

Note: syslog and local file channel must be defined for every defined category.

Inspect the "named.conf" file for the following:

logging {
channel local_file_channel {
file "path_name" versions 3;
print-time yes;
print-severity yes;
print-category yes;
};

category category_name { local_file_channel; };

If a logging channel is not defined for a local file, this is a finding.

If a category is not defined to send messages to the local file channel, this is a finding.

Fix Text

Edit the "named.conf" file and add the following:

logging {
channel local_file_channel {
file "path_name" versions 3;
print-time yes;
print-severity yes;
print-category yes;
};
category category_name { local_file_channel; };
};

Restart the BIND 9.x process.