Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
BIG-IP/BIG-IQ/Enterprise Manager
To mitigate this vulnerability, you must disable the use of recursion in the BIND configuration. To determine if recursion has been manually enabled, and mitigate the vulnerability by disabling recursion, perform the following procedures.
Determining if recursion has been manually enabled on the system
Impact of action: Performing the following procedure should not have a negative impact on your system.
grep recursion /var/named/config/named.conf
recursion yes;
If the command returns the following response, recursion has not been enabled, and the system is not vulnerable.
recursion no;
Mitigating the vulnerability
To mitigate this vulnerability, you can disable recursion in the named.conf file. To do so, perform the following procedure:
Impact of action: This modification requires changing your configuration. F5 recommends that you test the modified configuration in an appropriate environment before implementing it.
cd /var/named/config
cp named.conf named.conf.SOL62012529
For example:
recursion yes;
For example:
recursion no;
bigstart restart named
Supplemental Information