2.2.8 Ensure DNS Server is not enabled (Scored)

Level 1 - Server
Level 1 - Workstation 

The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network.

Unless a system is specifically designated to act as a DNS server, it is recommended that the package be deleted to reduce the potential attack surface.

Run the following command to verify that named is not enabled:

# systemctl is-enabled bind9

Verify that the result is not “enabled”.

Run the following command to disable bind9:

# systemctl disable bind9
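
The audit step above as a script, added here as an example and not part of the benchmark text. It goes beyond the page's single check in two labelled ways: "enabled-runtime" is also treated as failing, and a unit that is not enabled but still running is reported as WARN. The function names and the `--live` argument are this example's own.

```shell
#!/bin/sh
# Added example: audit logic for "Ensure DNS Server is not enabled".

# evaluate STATE ACTIVE
#   STATE  = stdout of `systemctl is-enabled bind9` (empty if unit is absent)
#   ACTIVE = stdout of `systemctl is-active bind9`
# Prints FAIL, WARN or PASS.
evaluate() {
    state=$1
    active=$2
    case "$state" in
        # "enabled" is the page's failing result; "enabled-runtime" is
        # treated the same way here (assumption, stricter than the page).
        enabled|enabled-runtime) echo "FAIL"; return 0 ;;
    esac
    # Not enabled at boot, but `systemctl disable` does not stop a
    # running named, so report that separately.
    if [ "$active" = "active" ]; then
        echo "WARN"
    else
        echo "PASS"
    fi
}

# audit_unit [UNIT]: query systemd on the local host and evaluate the result.
audit_unit() {
    unit=${1:-bind9}
    # Both commands exit non-zero for "disabled"/"inactive"/missing units;
    # only their stdout matters here.
    state=$(systemctl is-enabled "$unit" 2>/dev/null || true)
    active=$(systemctl is-active "$unit" 2>/dev/null || true)
    echo "$unit: is-enabled='$state' is-active='$active' -> $(evaluate "$state" "$active")"
}

if [ "${1:-}" = "--live" ]; then
    audit_unit bind9
else
    # Constructed sample outputs (is-enabled:is-active), not captured from a host.
    for sample in enabled:active disabled:inactive disabled:active masked:inactive :inactive; do
        printf '%-20s %s\n' "$sample" "$(evaluate "${sample%%:*}" "${sample#*:}")"
    done
fi
```
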
  • Last modified: 2017/05/02 11:41
  • by Piotr Kłoczewski