Bug ID 1039205: DNSSEC key stored on netHSM fails to generate if the key name length is > 24

Last Modified: Dec 07, 2023

Affected Product(s):
BIG-IP DNS, LTM(all modules)

Known Affected Versions:
14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5

Fixed In:
15.1.5.1, 14.1.4.6

Opened: Aug 06, 2021

Severity: 3-Major

Symptoms

DNSSEC keys are not generated successfully. Errors in logs similar to: gtm1 err tmsh[4633]: 01420006:3: Key management library returned bad status: -20, Domain names must be 63 characters or less.

Impact

DNSSEC keys are not generated successfully.

Conditions

Create DNSSEC key with a name longer than 24: # tmsh create ltm dns dnssec key DNSSEC_with_long_name_21_ key-type zsk use-fips external

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips