) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Microsoft Windows Server Domain Name System STIG Ver 2, Rel 4 Checklist Details (Checklist Revisions)
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Microsoft Windows Server DNS STIG - Ver 2, Rel 4
- Defense Information Systems Agency
-
Download Automated Content - SCC 5.14 Windows
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
Target:
| Target | CPE Name |
|---|---|
| Microsoft Active Directory | cpe:/a:microsoft:active_directory (View CVEs) |
Checklist Highlights
- Checklist Name:
- Microsoft Windows Server Domain Name System STIG
- Checklist ID:
- 1080
- Version:
- Ver 2, Rel 4
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 01/18/2024
Checklist Summary:
This Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide (STIG) is published as a tool to secure Microsoft Windows DNS implementations. This STIG will be used for all Windows DNS servers, whether they are Active Directory (AD)-integrated, authoritative file-backed DNS zones, a hybrid of both, or a recursive caching server. This STIG must also be used for Windows DNS servers that are a secondary name server for zones whose master authoritative server is non-Windows. The direction is to ensure the authentication and integrity of Windows Server DNS data by applying DNS Security Extensions (DNSSEC) as specified by the Internet Engineering Task Force (IETF) Requests for Comment (RFC4641, RFC5011, RFC5155, RFC4033, RFC4034, RFC4035, and RFC3833) and outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-81, “Secure Domain Name System (DNS) Deployment Guide.” NIST SP 800-81 rev 2, “Secure Domain Name System (DNS) Deployment Guide,” has also been a resource in the development of this STIG. The DNS Server service has greatly enhanced support for DNSSEC in Windows Server DNS. Therefore, these STIG settings are required for all Windows DNS implementations.
Checklist Role:
- Active Directory Server
- DNS Server
Known Issues:
Not provided.
Target Audience:
Not provided.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
DoD Instruction (DoDI) 8500.01
Comments/Warnings/Miscellaneous:
Comments or proposed revisions to this document should be sent via email to the following address: [email protected]. DISA will coordinate all change requests with the relevant DOD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.
Disclaimer:
Not provided.
Product Support:
Not provided.
Point of Contact:
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|