Bug ID 1132925: Bot defense does not work with DNS Resolvers configured under non-zero route domains

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 17.0.0, 17.0.0.1, 17.0.0.2

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Aug 01, 2022

Severity: 4-Minor

Symptoms

When a DNS Resolver is configured under a non-zero route domain, the bot defense does not use the DNS resolver to perform DNS queries, resulting in some bots not being detected.

Impact

Some bots are not detected by bot defense mechanism.

Conditions

DNS Resolver is configured under non-zero route domain.

Workaround

Configure DNS Resolver under route domain 0.

Fix Information

Enhanced bot defense to use resolvers from any corresponding route domain. However, bot defense does not support route domain modification of DNS resolvers. Resolvers must be deleted and created again in the correct route domain.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips