SynopsisThe remote DNS server allows dynamic updates.
DescriptionIt was possible to add a record into a zone using the DNS dynamic update protocol, as described by RFC 2136.
This protocol can be used by DHCP clients to enter their host names into the DNS maps, but it could be subverted by malicious users to redirect network traffic.
SolutionIgnore this warning if the scanner address is in the range of IP addresses that are allowed to perform updates.
Limit addresses that are allowed to do dynamic updates (eg, with BIND's 'allow-update' option) or implement TSIG or SIG(0).
File Name: dns_dyn_update.nasl
CVSS Score Source: manual
CVSS Score Rationale: Insecure dns record update
Required KB Items: DNS/udp/53
Exploited by Nessus: true