Dynamic updates are possible on the DNS server
Posted on 2011-05-09
We recently completed a vulnerability assessment, and one of the DNS-related observations is mentioned below:
1. Dynamic updates are possible on the DNS server
Summary: It was possible to add a record into a zone using the DNS dynamic update protocol, as described by RFC 2136. This protocol can be used by DHCP clients to enter their host names into the DNS maps.
Affected Resources: 10.0.0.15
Impact: This vulnerability could be subverted by malicious users to redirect network traffic.
Solution: Limit addresses that are allowed to do dynamic updates (e.g., with BIND's 'allow-update' option) or implement TSIG or SIG(0).
Please suggest whether there is any way to mitigate this risk without going for the BIND service.
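
Added example, not part of the original post and independent of the DNS server product in use: a monitoring check that classifies raw DNS messages, flags RFC 2136 UPDATE requests from sources outside an allowlist, and reports whether an update carries a TSIG record. The allowlisted address `10.0.0.20`, the key name `ddns-key` and the sample messages are constructed assumptions.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5    # RFC 2136 UPDATE opcode
TYPE_TSIG = 250      # TSIG pseudo-record, carried in the additional section
# Assumption: the only host expected to send updates (constructed address).
ALLOWED_UPDATERS = [ipaddress.ip_network("10.0.0.20/32")]

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg, src_ip):
    """Return 'not-update', 'ok', 'alert-source', 'alert-unsigned' or 'malformed'."""
    if len(msg) < 12:
        return "malformed"
    _id, flags, zo, pr, up, ad = struct.unpack("!6H", msg[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF != OPCODE_UPDATE:
        return "not-update"               # responses and other opcodes are ignored
    try:
        off, signed = 12, False
        for _ in range(zo):
            off = skip_name(msg, off) + 4           # ZTYPE + ZCLASS
        for i in range(pr + up + ad):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            signed |= i >= pr + up and rtype == TYPE_TSIG
    except (IndexError, struct.error):
        return "malformed"
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_UPDATERS):
        return "alert-source"
    return "ok" if signed else "alert-unsigned"     # presence only; the server checks the MAC

# --- constructed sample messages (not captured traffic) ---
def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\x00"

def sample_update(signed):
    hdr = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 1 if signed else 0)
    zone = name("example.com") + struct.pack("!HH", 6, 1)            # SOA, IN
    add = name("host.example.com") + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    tsig = name("ddns-key") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, 4) + b"\0" * 4
    return hdr + zone + add + (tsig if signed else b"")
QUERY = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + name("example.com") + struct.pack("!HH", 1, 1)
```

Feed `classify()` the UDP payload and source address of each packet seen on port 53; any `alert-source` or `alert-unsigned` result after remediation means the update restriction is not behaving as intended.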