Forum Discussion

Nimbostratus

May 22, 2018

DNS Server Dynamic Update Record Injection

Hello, Does anyone know how to mitigate this vulnerability? Looks like F5 GMT v11.6.2 is vulnerable. https://nmap.org/nsedoc/scripts/dns-update.html Thank you in advance.

Cumulonimbus

May 22, 2018

Hi,

If you host dns on F5, you can Limit addresses that are allowed to do dynamic updates (eg, with BIND's 'allow-update' option) or implement TSIG or SIG(0).

Following your documentatio: https://www.tenable.com/plugins/nessus/35372

have you already deployed this solution?

Regards,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

DNS Server Dynamic Update Record Injection

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Cannot ping external interface

Dump all host running services during APM logon

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

HA Failover between two Datacenters

Related Content

WAF evasion techniques for Command Injection

Serverside SNI injection iRule

Mitigating OWASP Web Application Risk: Injection exploits using F5 BIG-IP

AI Security : Prompt Injection and Insecure Output Handling.

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS