Skip to content

2.1.4 Ensure dns server services are not in use

Audit#

Run the following command to verify bind9 is not installed: 

# dpkg-query -s bind9 &>/dev/null && echo "bind9 is installed"
Nothing should be returned.

- OR - - IF - the package is required for dependencies: Run the following command to verify named.service is not enabled: 

# systemctl is-enabled named.service 2>/dev/null | grep 'enabled'
Nothing should be returned

Run the following command to verify named.service is not active: 

# systemctl is-active named.service 2>/dev/null | grep '^active'
Nothing should be returned

Note: If the package is required for a dependency - Ensure the dependent package is approved by local site policy - Ensure stopping and masking the service and/or socket meets local site policy

Remediation#

Run the following commands to stop named.service and remove the bind9 package: 

# systemctl stop named.service
# apt purge bind9

- OR - - IF - the bind9 package is required as a dependency: Run the following commands to stop and mask bind9.service: 

# systemctl stop named.service
# systemctl mask named.service