✎ 2.2.8 Ensure DNS Server is not enabled (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

======2.2.8 Ensure DNS Server is not enabled (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network.

=====Rationale=====
Unless a system is specifically designated to act as a DNS server, it is recommended that the package be deleted to reduce the potential attack surface.

=====Audit===== 
Run the following commands to verify ''named'' is not enabled:
<Code:bash>
# systemctl is-enabled bind9
disabled 
</Code>
Verify result is not "enabled".

=====Remediation===== 
Run the following command to disable ''bind9'':
<Code:bash>
# systemctl disable bind9
</Code>