Checklist Summary:

This benchmark is intended to assist administrators in securing the BIND (Berkeley Internet Name Domain) an openly redistributable implementation of the Domain Name Service (DNS) protocols. While the majority of the recommendations and steps outlined in this document apply to most Unix systems, it should be noted that specific syntax for some commands will vary for some Unix platforms so the reader is encouraged to be familiar with the differences specific to their individual platforms. The provided excerpts have been tested using BIND 9.3.1 on Red Hat Fedora Core 4 and BIND 9.2.4 on Solaris 10. The configuration and security controls provided have been developed through a consensus effort of best practices recommended by a majority of participating security experts.

Checklist Role:

• Domain Name Server

Known Issues:

Not provided.

Target Audience:

The audience for the document is at the level of an experienced system administrator, with some specific experience in administering the BIND software.

Target Operational Environment:

• Managed

Testing Information:

The provided excerpts have been tested using BIND 9.3.1 on Red Hat Fedora Core 4 and BIND 9.2.4 on Solaris 10 03/2005.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Refer to Known Issues.

Disclaimer:

Differs for Public and Private consumers, please read disclaimer information from the CIS web site located at: http://www.cisecurity.org/sub_form.html

Product Support:

http://www.cisecurity.org/

Point of Contact:

Not provided.

Sponsor:

Not provided.

Licensing:

Differs for Public and Private consumers, please read licensing information from the CIS web site located at http://www.cisecurity.org/sub_form.html

Change History:

01-01-2006-Version 1.0
05-04-2009-Version 2.0.0
Updated URL - 7/26/19

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 07/26/2019