The AIX DHCP client must not send dynamic DNS updates.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215427 | SRG-OS-000480-GPOS-00227 | AIX7-00-003132 | SV-215427r991589_rule | 2026-02-06 | 3 |
Description
Dynamic DNS updates transmit unencrypted information about a system including its name and address and should not be used unless needed.
ℹ️ Check
If AIX does not use the DHCP client, this is Not Applicable.
Determine if the system's DHCP client is configured to send dynamic DNS updates:
# grep "^updateDNS" /etc/dhcpc.opt /etc/dhcpcd.ini
If any lines are returned, this is a finding.
✔️ Fix
Configure the system's DHCP client to not send dynamic DNS updates.
Remove or comment out "updateDNS" lines from the "/etc/dhcpcd.ini" and "/etc/dhcpc.opt" files.
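
One way to script the check and the fix above, as an added example that is not part of the STIG text. The function names and the `.pre-stig` backup suffix are assumptions of this example; the edit goes through a temporary file because AIX `sed` has no in-place option.

```sh
#!/bin/sh
# Added example: audit and remediate "updateDNS" lines in the AIX DHCP
# client configuration files named in the check. Function names and the
# backup suffix are assumptions, not part of the STIG.

DHCP_FILES="/etc/dhcpc.opt /etc/dhcpcd.ini"

# Print every active (uncommented) updateDNS line as file:lineno:text.
# Returns 0 when at least one is present (a finding), 1 when none are.
# Files that do not exist are skipped rather than treated as errors.
check_updatedns() {
    found=1
    for f in "$@"; do
        [ -f "$f" ] || continue
        # /dev/null as a second operand forces grep to print the file name
        if grep -n "^updateDNS" "$f" /dev/null; then
            found=0
        fi
    done
    return $found
}

# Comment out active updateDNS lines. Lines that are already commented
# are left alone, and files without a match are not rewritten.
fix_updatedns() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep "^updateDNS" "$f" >/dev/null 2>&1 || continue
        cp -p "$f" "$f.pre-stig" || return 1    # keep a copy for rollback
        tmp="$f.tmp.$$"
        sed 's/^updateDNS/#updateDNS/' "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
        # Write back with cat so the original owner and mode are preserved
        cat "$tmp" > "$f" || { rm -f "$tmp"; return 1; }
        rm -f "$tmp"
    done
}

# Usage (as root):
#   check_updatedns $DHCP_FILES && fix_updatedns $DHCP_FILES
```

After remediation, rerunning `check_updatedns $DHCP_FILES` should print nothing and return 1, which matches the "no lines returned" condition of the check.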