
V-275935

CAT II (Medium)

The BIND 9.x server implementation must have QNAME minimization set to "strict".

Rule ID

SV-275935r1124025_rule

STIG

BIND 9.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

QNAME minimization limits the amount of information sent in DNS queries to intermediate nameservers, improving privacy by reducing the potential for DNS leak. It modifies the flow of DNS queries to reveal only what is necessary for the current server to find the next one in the resolution chain.

Check Content

Verify QNAME minimization is set to "strict".

Inspect the named.conf file for the following:

    options {
        qname-minimization strict;
    };

If qname-minimization is not set to "strict", this is a finding.
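The check above can be automated. The following is an added example, not part of the STIG or of BIND: it tokenizes named.conf text, ignores all three comment styles, and reports the value set in the top-level options block. The function names and sample configurations are constructed for illustration, and include files are not followed.

```python
import re
import sys

# Constructed sample configurations (not from a real server).
COMPLIANT = '''
options {
    directory "/var/named";
    qname-minimization strict;
};
'''
WEAK = '''
options {
    /* qname-minimization strict; */
    # qname-minimization strict;
    qname-minimization relaxed;  // the only active setting
};
'''
MISSING = 'options { recursion yes; };'

# Quoted strings, the three named.conf comment styles, punctuation, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def qname_minimization_value(conf_text):
    """Return the value set in the top-level options block, or None if absent."""
    depth, in_options, stmt, value = 0, False, [], None
    for m in TOKEN.finditer(conf_text):
        tok = m.group(0)
        if tok.startswith(("/*", "//", "#")):
            continue  # comments never count as configuration
        if tok == "{":
            in_options = in_options or (depth == 0 and stmt == ["options"])
            depth, stmt = depth + 1, []
        elif tok == "}":
            depth, stmt = depth - 1, []
            in_options = in_options and depth > 0
        elif tok == ";":
            if in_options and depth == 1 and len(stmt) == 2 and stmt[0] == "qname-minimization":
                value = stmt[1].strip('"')
            stmt = []
        else:
            stmt.append(tok)
    return value

def is_finding(conf_text):
    """V-275935: anything other than 'strict' in options is a finding."""
    return qname_minimization_value(conf_text) != "strict"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK
    print("finding" if is_finding(text) else "not a finding", "- value:", qname_minimization_value(text))
```

Running it against the output of `named-checkconf -p` rather than the raw file also covers settings pulled in from included files.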

Fix Text

Edit the named.conf file so that the options block contains the following:

    options {
        qname-minimization strict;
    };

After making changes, save the named.conf file and restart the BIND service to apply the changes.