Apr 01, 2011

Securing the named configuration

We are using the GTM and it's behind the firewall and have opened port tcp/udp 53.

Can anyone suggest how to secure the named configuration and fine-tuning methods?

Thanks in advance.


  • Hi Silver,

    if you're using the GTM for standard DNS resolution (not just WideIPs) I'd recommend version 10.2.1 and HF2, which includes the following:

    - BIND has been updated to mitigate the vulnerabilities in CVE-2010-3613 and CVE-2010-3615
    - BIND has been updated to 9.6.3 to address an issue where DNSSEC validation could fail when a new Delegation Signer record is inserted into a trusted DNSSEC validation tree

    You may also find these useful:

    - Disabling the DNS version response on the BIG-IP GTM
    - Enabling DNS recursion on the BIG-IP GTM system
    - Managing the BIG-IP BIND configuration file
    - Overview of port lockdown behaviour

    Hope it helps!
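To illustrate what the first three linked topics (hiding the version response, controlling recursion, managing the BIND configuration) look like in plain BIND terms, here is an added named.conf `options` fragment. It is not from the thread or from F5's documentation; the ACL names (`trusted`, `secondaries`) and the address ranges are constructed placeholders, and the GTM-specific way to edit the managed BIND configuration file is covered by the linked article rather than shown here.

```conf
// Constructed example ACLs: replace with the networks that actually
// need recursive answers and with the real secondary name servers.
acl "trusted" { 10.0.0.0/8; 127.0.0.1; };
acl "secondaries" { 192.0.2.10; 192.0.2.11; };

options {
    // Do not reveal the BIND version in answers to version.bind CHAOS
    // queries; this is the named.conf form of "disabling the DNS
    // version response" from the linked article.
    version "none";

    // Recursion stays enabled, but only the networks in the ACL receive
    // recursive answers; queries from anywhere else are answered only
    // for zones this server is authoritative for, or refused.
    recursion yes;
    allow-recursion { trusted; };

    // Restrict full zone transfers (AXFR/IXFR) to the listed secondaries
    // so the zone contents are not retrievable from the open tcp/53 port.
    allow-transfer { secondaries; };
};
```

Because the firewall already exposes tcp/udp 53 to the outside, the two settings that matter most for an Internet-facing GTM are `allow-recursion` (an open resolver is a common amplification and cache-poisoning target) and `allow-transfer`; `version "none"` is low-effort hygiene rather than a control on its own.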