For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Aug 06, 2015

Why we need to allow DNS on Self IP?

Hello Folks,   Can anyone help me by sharing use case of having DNS enabled on Self-IP? Since iQuery relies TCP Port 4353, if LTM is in communication with GTM.   In which case it can help to ha...
dns
self-ip
swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Aug 07, 2015

Hey Jason,

 

Thank you for your answer. As mentioned as a workaround against BIND vulnerability in F5's Knowledge base, we require to turn off UDP:Domain (i.e. UDP port 53) on self IP address, in order to temporarily fix the vulnerability.

 

So this means if my LTM is in communication with GTM, and if I disallow UDP:Domain port, my queries will start failing, right? How can we implement the fix against this in that case? https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16909.html

 

Any suggestion?

 

Thank you, Darshan