Forum Discussion
silver
Nimbostratus
NimbostratusSecuring the named configuration
Hi,
We are using the GTM and it's behind the firewall and opened port tcp/udp 53.
Can any once suggest how to secure the named configuration and fine tuning methods.
Than...
Cspillane_18296Nimbostratus
NimbostratusHi Silver,
if you're using the GTM for standard DNS resolution (not just wideip's) I'd recommend version 10.2.1 and HF2 which includes the following:
BIND had been updated to mitigate the vulnerabilities in CVE-2010-3613 and CVE-2010-3615
BIND has been updated to 9.6.3 to address an issue where DNSSEC validation could fail when a new Delegation Signer record is inserted into a trusted DNSSEC validation tree
You may also find these useful:
http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6827.html - Disabling the DNS version response on the BIG-IP GTM
http://support.f5.com/kb/en-us/solutions/public/7000/000/sol7055.html - Enabling DNS recursion on the BIG-IP GTM system
http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6963.html - Managing the BIG-IP BIND configuration file
http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7317.html - Overview of port lockdown behaviour
Hope it helps!
