DNS Server Dynamic Update Record Injection
Medium Nessus Plugin ID 35372
Synopsis
The remote DNS server allows dynamic updates.

Description
It was possible to add a record into a zone using the DNS dynamic update protocol, as described by RFC 2136.
This protocol can be used by DHCP clients to enter their host names into the DNS maps, but it could be subverted by malicious users to redirect network traffic.

Solution
Ignore this warning if the scanner address is in the range of IP addresses that are allowed to perform updates.
Limit the addresses that are allowed to perform dynamic updates (e.g., with BIND's 'allow-update' option) or implement TSIG or SIG(0).
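
The two BIND mitigations named above, shown beside the open setting that triggers this finding. This is an added example, not part of the plugin text; the zone name, file name, key name, ACL name, address and secret are placeholders.

```conf
// named.conf fragment (constructed example; all names and values are placeholders)

// Open setting that produces this finding: any client may add or change records.
// zone "example.internal" {
//     type master;
//     file "db.example.internal";
//     allow-update { any; };
// };

// Option 1: restrict updates by source address (e.g. the DHCP server).
// Address checks alone are weak because the source address of a UDP
// update can be forged, so prefer option 2 where possible.
// acl "dhcp-servers" { 192.0.2.10; };
// zone "example.internal" {
//     type master;
//     file "db.example.internal";
//     allow-update { dhcp-servers; };
// };

// Option 2: require a TSIG-signed update.
// Generate the key with: tsig-keygen -a hmac-sha256 ddns-key
// and paste its output here; keep the file readable only by named.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

zone "example.internal" {
    type master;
    file "db.example.internal";
    // Only requests signed with ddns-key are accepted; unsigned
    // updates, including the scanner's probe, are refused.
    allow-update { key "ddns-key"; };
};
```

After reloading, `named-checkconf` validates the syntax, and re-running the scan from an address outside the allowed set should no longer report the finding.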