Checklist Summary:

This Microsoft Windows 2012 Server Domain Name System (DNS) STIG is published as a tool to secure Microsoft Windows 2012 DNS implementations. This STIG will be used for all Windows 2012/2012 R2 DNS servers, whether Active Directory-integrated, authoritative file-backed DNS zones, a hybrid of both, or as a recursive caching server. This STIG should also be used for Windows 2012 DNS servers being used as a secondary name server for zones whose master authoritative server is non-Windows. The direction is to ensure Windows 2012 DNS data’s authentication and integrity through the means of applying DNS Security Extensions (DNSSEC), specified by the Internet Engineering Task Force (IETF) Requests for Comment (RFC4641, RFC5011, RFC5155, RFC4033, RFC4034, RFC4035, and RFC3833) and as outlined in the NIST Special Publication (SP) 800-81, “Secure Domain Name System (DNS) Deployment Guide”. In addition, the NIST SP 800-81 rev 2, “Secure Domain Name System (DNS) Deployment Guide” has been a resource in the development of this Windows 2012 DNS STIG. As the DNS Server service in Windows Server 2012 has greatly enhanced support for DNSSEC, these STIG settings are required for all Windows 2012/2012 R2 DNS implementations.

Checklist Role:

• Domain Name Server
• DNS Server
• Desktop and Server Operating System

Known Issues:

Not Provided

Target Audience:

This checklist is primarily for IT generalists, security specialists, network architects, and other IT professionals and consultants who plan application or infrastructure development and deployments of Windows 8 and BitLocker for both desktop and laptop client computers in an enterprise environment.

Target Operational Environment:

• Managed

Testing Information:

Not Provided

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01

Comments/Warnings/Miscellaneous:

Not Provided

Disclaimer:

Not Provided

Product Support:

Not Provided

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not Provided

Licensing:

Not Provided

Change History:

Version 1, Release 2 - 29 October 2015
Changed status from "Under Review" to "Final" - 04 December 2015
Version 1, Release 3 - 2 February 2016
3/11/2016 - Promote to Final
updated to - v1, r4 - 07/22/2016
Updated to FINAL - 09/12/2016
Updated to Ver 1, Rel 5 - 01/27/2017
Updated to FINAL - 03/13/2017
Updated to Version 1, Release 6 - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated to Version 1, Release 8 - 02/16/2018
Updated to FINAL - 3/18/2018
updated to v1,r9 - 4/25/18
Updated to FINAL - 5/25/18
updated to Version 1, Release 10 - 7/24/18
Updated to FINAL - 8/24/18
Updated to Version 1, Release 11 - 1/23/19
Updated to FINAL - 2/19/19
Updated URLs - 6/12/19
Updated URLs - 8/12/2019
updated URLs per DISA - 1/21/2020
corrected reference title - 1/22/2020
Updated URLs per DISA - 4/24/2020
updated URLs - 8/3/2020
updated URLs - 10/27/2020
updated URLs - 4/28/2021
Updated resource per DISA - 7/29/21
Updated resource per DISA - 11/26/21
Updated resource per DISA - 5/29/22
Update Version and Resources - 06/10/2024
Updated Checklist Version, Resources and Status - 08/15/2024

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 08/15/2024