SOL14601 - BIND vulnerability CVE-2012-5689

Vulnerability Recommended Actions

If using DNS64 and RPZs together, you can mitigate this vulnerability by verifying that the RPZ contains an AAAA rewrite rule for every A rewrite rule in the zone. If the RPZ provides an AAAA answer without the assistance of DNS64, the vulnerability is not triggered.

Note: For more information about RPZ Rewriting, refer to Chapter 6. BIND 9 Configuration Reference. This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.

Impact of action: None

Supplemental Information

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents.
• SOL4602: Overview of the F5 security vulnerability response policy
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5
• SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)