CCE-90733-7 | Platform: rhel7, centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Do Not Use Dynamic DNS
To prevent the DHCP server from receiving DNS information from
clients, edit '/etc/dhcp/dhcpd.conf', and add or correct the following global
option: 'ddns-update-style none;'
Parameter:
Technical Mechanism:
The Dynamic DNS protocol is used to remotely update the data served
by a DNS server. DHCP servers can use Dynamic DNS to publish information about
their clients. This setup carries security risks, and its use is not
recommended. If Dynamic DNS must be used despite the risks it poses, it is
critical that Dynamic DNS transactions be protected using TSIG or some other
cryptographic authentication mechanism. See dhcpd.conf(5) for more information
about protecting the DHCP server from passing along malicious DNS data from its
clients.
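One way to audit this setting, as an added example that is not part of the SCAP Repo entry: the script reports whether 'ddns-update-style none;' is present at global scope. The function name check_ddns_style is hypothetical and the sample configuration is constructed for illustration.

```shell
#!/bin/sh
# check_ddns_style is a hypothetical helper name; it is not part of dhcpd or SCAP tooling.
# Prints "none", "enabled" or "missing"; returns 0 only for "none".
check_ddns_style() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        {
            sub(/#.*/, "")   # strip comments (simplification: ignores # inside quoted strings)
            if (depth == 0 && match($0, /ddns-update-style[ \t]+[^ \t;]+[ \t]*;/)) {
                val = substr($0, RSTART, RLENGTH)
                sub(/^ddns-update-style[ \t]+/, "", val)
                sub(/[ \t]*;$/, "", val)
                seen++
                if (val != "none") bad++
            }
            # track brace depth so only global-scope statements count
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        }
        END {
            if (seen == 0) { print "missing"; exit 1 }
            if (bad > 0)   { print "enabled"; exit 1 }
            print "none"
        }
    ' "$conf"
}

# Constructed sample: Dynamic DNS left enabled in the global scope.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
ddns-update-style interim;   # publishes client names to DNS
subnet 192.0.2.0 netmask 255.255.255.0 {
    range 192.0.2.10 192.0.2.50;
}
EOF
check_ddns_style "$sample" || echo "finding: add or correct 'ddns-update-style none;' in global scope"
rm -f "$sample"
```

On a real host, pass '/etc/dhcp/dhcpd.conf' as the argument.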
Fix:
No Remediation Info
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31146 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30423 |