DNS Server Dynamic Update Record Injection

Question

Hello,&nbsp;
Does anyone know how to mitigate this vulnerability? Looks like F5 GMT v11.6.2 is vulnerable.&nbsp;
https://nmap.org/nsedoc/scripts/dns-update.html &nbsp;
Thank you in advance.&nbsp;

youssef1 · Answer

Hi,&nbsp;
did you have dns license?&nbsp;
Regards&nbsp;

ilian_ivanov · Answer

Yes, we have DNS license and we are using it :)&nbsp;

leonardo_souza · Answer

You need to find what CVE is that, and then just search in askf5.&nbsp;
If there is no CVE created, or you can't find information about the CVE, you need to open a ticket with F5 support to get more information.&nbsp;

youssef1 · Answer

Hi,&nbsp;
If you host dns on F5, you can Limit addresses that are allowed to do dynamic updates (eg, with BIND's 'allow-update' option) or implement TSIG or SIG(0).&nbsp;
Following your documentatio: https://www.tenable.com/plugins/nessus/35372&nbsp;
have you already deployed this solution?&nbsp;
Regards,&nbsp;

Forum Discussion

DNS Server Dynamic Update Record Injection

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

External Posting to APM with dynamic URL

Host header injection

Extracting dynamic parameter values from a "Jason" formatted response.

Using dynamic IPs in a Virtual Server

ASM - Dynamic SQL Injection Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS