Forum Discussion
- Cspillane_18296 (Nimbostratus)
Hi Silver,
We are using the GTM and it's behind the firewall and opened port tcp/udp 53.
Can anyone suggest how to secure the named configuration and fine tuning methods?
Thanks in advance.
If you're using the GTM for standard DNS resolution (not just wideips), I'd recommend version 10.2.1 and HF2, which includes the following:
BIND has been updated to mitigate the vulnerabilities in CVE-2010-3613 and CVE-2010-3615.
BIND has been updated to 9.6.3 to address an issue where DNSSEC validation could fail when a new Delegation Signer record is inserted into a trusted DNSSEC validation tree.
You may also find these useful:
http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6827.html - Disabling the DNS version response on the BIG-IP GTM
http://support.f5.com/kb/en-us/solutions/public/7000/000/sol7055.html - Enabling DNS recursion on the BIG-IP GTM system
http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6963.html - Managing the BIG-IP BIND configuration file
http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7317.html - Overview of port lockdown behaviour
Hope it helps!