CCE-90770-9Platform: rhel7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable Zone Transfers from the Nameserver
Is it necessary for a secondary nameserver to receive zone dat
Avia zone transfer from the primary server? If not, follow the instructions in
this section. If so, see the next section for instructions on protecting zone
transfers.
Add or correct the following directive within '/etc/named.conf':
options {
allow-transfer { none; };
...
}
Parameter:
Technical Mechanism:
If both the primary and secondary nameserver are under your control,
or if you have only one nameserver, it may be possible to use an external
configuration management mechanism to distribute zone updates. In that case, it
is not necessary to allow zone transfers within BIND itself, so they should be
disabled to avoid the potential for abuse.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: