Bind Domain Name System STIG Version 4, Release 1.20 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
ISC Bind 9.2.4 cpe:/a:isc:bind:9.2.4 (View CVEs)
ISC Bind 9.3.1 cpe:/a:isc:bind:9.3.1 (View CVEs)
ISC Bind 9.3.2 cpe:/a:isc:bind:9.3.2 (View CVEs)

Checklist Highlights

Checklist Name:
Bind Domain Name System STIG
Checklist ID:
Version 4, Release 1.20
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The primary objective of a DNS review is to examine the site’s administrative practices, name servers, and the zones those name servers support. The review should cover not only the authoritative name servers, but all supporting name servers as well. In some cases, this may not be feasible (e.g., the name server is remotely located), however, if any server supporting a zone is not assessed, this should be clearly documented in the final assessment report. Organizations may also have several caching name servers (i.e., servers that can resolve client queries), but which are not authoritative for any DNS records. These are the servers that are listed in the DNS configuration of the computers on the internal network. A DNS review should also evaluate all of the organization’s caching name servers, but a sample may suffice if there are resource or time constraints. Client DNS configuration is outside the scope of the review, which focuses on DNS servers and related administrative, technical and physical controls.

Checklist Role:

  • Server
  • Domain Name Server
  • DNS Server

Known Issues:

Not Provided

Target Audience:

Not Provided

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not Provided

Regulatory Compliance:

DoD Directive 8500.01


Not Provided


Not Provided

Product Support:

Not Provided

Point of Contact:

Customer Support Desk at


Not Provided


Not Provided

Change History:

1/27/2016 Promote to Final
Updated URL to reflect change to the DISA website - http --> https
moved to archive status - 4/15/19
Updated URLs - 6/24/19
Updated URLs - 9/11/19


URL Description


Reference URL Description

NIST checklist record last modified on 09/11/2019