000032593 - How to disable DNS in Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032593
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1

IssueKB article 000032579 (Stack-based buffer overflow vulnerability with glibc getaddrinfo (CVE-2015-7547) in RSA products) mentions disabling DNS in Authentication Manager as a workaround for the issue. 
  1. From the Operations Console, select Administration > Network > Appliance Network Settings….
  2. Select DNS Servers.
  3. Select any DNS server address listed and click Remove until no DNS servers remain.
  4. Click Next.
  5. From the Review Changes and Confirm interface, select Apply Network Settings.  Although the interface warns that it may take up to ten minutes for services to be available, this type of change take effect immediately.
After this change:
  • Any hostnames that need to be resolved will have to be added to /etc/hosts file using the Operations Console (Administration > Network > Hosts file).
  • Security Console interfaces that use name resolution will no longer work unless the hostname has been manually entered (see previous). For example, if the Resolve IP button is used after entering an agent name, the address will be filled with a value of Unknown after a brief delay. Enter the agent’s address manually. When saving the agent, you will be asked to confirm that the name could not be resolved.