Forum Discussion

Ilian_Ivanov's avatar
Ilian_Ivanov
Icon for Nimbostratus rankNimbostratus
May 22, 2018

DNS Server Dynamic Update Record Injection

Hello,   Does anyone know how to mitigate this vulnerability? Looks like F5 GMT v11.6.2 is vulnerable.   https://nmap.org/nsedoc/scripts/dns-update.html   Thank you in advance.  
BIG-IP DNS
security
vulnerability
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
May 22, 2018

Hi,

 

If you host dns on F5, you can Limit addresses that are allowed to do dynamic updates (eg, with BIND's 'allow-update' option) or implement TSIG or SIG(0).

 

Following your documentatio: https://www.tenable.com/plugins/nessus/35372

 

have you already deployed this solution?

 

Regards,