Securing the named configuration

Question

Hi,&nbsp;
&nbsp;We are using the GTM and it's behind the firewall and opened port tcp/udp 53.&nbsp;
&nbsp;Can any once suggest how to secure the named configuration and fine tuning methods.&nbsp;
&nbsp;Thanks in advance.&nbsp;

cspillane_18296 · Answer

Hi Silver, &nbsp;
&nbsp; if you're using the GTM for standard DNS resolution (not just wideip's) I'd recommend version 10.2.1 and HF2 which includes the following: &nbsp;
&nbsp; BIND had been updated to mitigate the vulnerabilities in CVE-2010-3613 and CVE-2010-3615 
&nbsp; BIND has been updated to 9.6.3 to address an issue where DNSSEC validation could fail when a new Delegation Signer record is inserted into a trusted DNSSEC validation tree &nbsp;
&nbsp; You may also find these useful: &nbsp;
&nbsp; http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6827.html - Disabling the DNS version response on the BIG-IP GTM 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/7000/000/sol7055.html - Enabling DNS recursion on the BIG-IP GTM system 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6963.html - Managing the BIG-IP BIND configuration file 
&nbsp;http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7317.html - Overview of port lockdown behaviour&nbsp;
&nbsp; Hope it helps!

Forum Discussion

Securing the named configuration

1 Reply

Recent Discussions

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Using ChatGPT for security and introduction of AI security

Auditing Security Policy Updates

HTTP Multipart and Security Implications

Using Distributed Application Security Policies in Secure Multicloud Networking Customer Edge Sites

Minimizing Security Complexity: Managing Distributed WAF Policies