STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to BIND 9.x Security Technical Implementation Guide

V-272433

CAT II (Medium)

The BIND 9.x server implementation must not be configured with a channel to send audit records to null.

Rule ID

SV-272433r1123612_rule

STIG

BIND 9.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-001348

Discussion

DNS software administrators require DNS transaction logs for a wide variety of reasons including troubleshooting, intrusion detection, and forensics. Ensuring that the DNS transaction logs are recorded on the local system will provide the capability needed to support these actions. Sending DNS transaction data to the null channel would cause a loss of important data.

Check Content

Verify that the BIND 9.x server is not configured to send audit logs to the null channel.

Inspect the "named.conf" file for the following:

category null { null; }

If there is a category defined to send audit logs to the "null" channel, this is a finding.

Fix Text

Edit the "named.conf" file.

Remove any instance of the following:

category null { null; };

Restart the BIND 9.x process.