Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2
Fixed In:
17.1.0, 16.1.4, 15.1.9
Opened: Jun 15, 2021 Severity: 4-Minor
BIG-IP may forward invalid DNS responses to a client if the DNS server provides an invalid response.
Invalid DNS responses are forwarded to client.
BIG-IP configured as a proxy for a misbehaving backend DNS server.
None
The 'dns.responsematching' DB variable has been created to prevent forwarding invalid responses. When the DB variable 'dns.responsematching' is enable, DNS responses will be matched by transaction ID, query name, and the client's and server's IP addresses and port numbers.
The 'dns.responsematching' DB variable has been created to prevent forwarding invalid responses. When the DB variable 'dns.responsematching' is set to enable, DNS responses will be matched by transaction ID, query name, and the client's and server's IP addresses and port numbers.