CCE-34080-2Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Update Top Level Domain Zones
Specifies whether the computers to which this setting is applied may send dynamic updates to the zones named with a single label name, also known as top-level domain zones, for example, 'com'.
By default, a DNS client configured to perform dynamic DNS update sends dynamic updates to the DNS zone that is authoritative for its DNS resource records, unless the authoritative zone is a top-level domain and root zone.
If this setting is enabled, computers to which this policy is applied send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.
If this setting is disabled, computers to which this policy is applied do not send dynamic updates to the root and/or top-level domain zones that are authoritative for the resource records that the computer needs to update.
If this setting is not configured, it is not applied to any computers, and computers use their local configuration.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesNetworkDNS Client!Update Top Level Domain Zones
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows NTDNSClient!UpdateTopLevelDomainZones
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.4 | Attack Vector: NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 2.5 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:29242 |