V-272382

CAT II (Medium)

A BIND 9.x implementation operating in a split DNS configuration must be approved by the organization's authorizing official (AO).

Rule ID

SV-272382r1124041_rule

STIG

BIND 9.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

BIND 9.x has implemented an option to use "view" statements to allow for split DNS architecture to be configured on a single name server. If the split DNS architecture is improperly configured, there is a risk that internal IP addresses and host names could leak into the external view of the DNS server. Allowing private IP space to leak into the public DNS system may provide a person with malicious intent the ability to footprint the network and identify potential attack targets residing on the private network.
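A technical spot check for the leak described above, as an added example that is not part of the STIG or of BIND: it lists the `view` statements in a named.conf and flags A/AAAA records in the external view's zone data that point into private address space. The view names, file names, zone contents and both function names are constructed for illustration, and the parsing is simplified (one record per line, no comment handling in named.conf).

```python
import ipaddress
import re

# RFC 1918 IPv4 ranges and IPv6 unique local addresses (RFC 4193).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed samples (hypothetical names): a named.conf fragment and the
# zone data served by its external view.
NAMED_CONF = '''
view "internal" { match-clients { 10.0.0.0/8; }; zone "example.com" { type primary; file "db.internal"; }; };
view "external" { match-clients { any; }; zone "example.com" { type primary; file "db.external"; }; };
'''
EXTERNAL_ZONE = '''
$TTL 3600
@      IN SOA ns1.example.com. admin.example.com. ( 1 3600 600 86400 3600 )
www    IN A    203.0.113.10
intra  IN A    10.1.2.3      ; internal host published by mistake
db     300 IN A 192.168.5.20
vpn    IN AAAA fd00::15
mail   IN AAAA 2001:db8::25
'''

def view_names(named_conf):
    """Names of view statements in named.conf text; any result means views are in use."""
    return re.findall(r'^\s*view\s+"?([\w.-]+)"?', named_conf, re.MULTILINE)

def leaked_records(zone_text):
    """(owner, address) for each A/AAAA record pointing into INTERNAL_NETS."""
    hits, owner = [], "@"
    for line in zone_text.splitlines():
        data = line.split(";", 1)[0]          # drop zone-file comments
        tokens = data.split()
        if not tokens or tokens[0].startswith("$"):
            continue                          # blank line or $TTL/$ORIGIN directive
        if not data[0].isspace():             # leading blank means "same owner as before"
            owner = tokens[0]
        for i, tok in enumerate(tokens[:-1]):
            if tok.upper() not in ("A", "AAAA"):
                continue
            try:
                addr = ipaddress.ip_address(tokens[i + 1])
            except ValueError:
                continue                      # token was not a record type after all
            if any(addr in net for net in INTERNAL_NETS):
                hits.append((owner, str(addr)))
    return hits

if __name__ == "__main__":
    print(view_names(NAMED_CONF), leaked_records(EXTERNAL_ZONE))
```

The explicit network list is deliberate: Python's `is_private` also reports the documentation ranges used as public stand-ins in the sample.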

Check Content

If the BIND 9.x name server is not configured for split DNS, this is not applicable.

Verify that the split DNS implementation has been approved by the organization's AO.

With the assistance of the DNS administrator, obtain the AO's letter of approval for the split DNS implementation.

If the split DNS implementation has not been approved by the organization's AO, this is a finding.

Fix Text

Obtain approval for the split DNS implementation from the AO.