Bug ID 1271453

Bug Tracker
ID 1271453

Bug ID 1271453: DNS requests with NSEC or NSEC3 RR type Responding with no NSEC3 and no authority section from BIG-IP authoritative server.

Last Modified: Jul 30, 2025

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6

Opened: Mar 15, 2023

Severity: 3-Major

Symptoms

DNS requests with NSEC or NSEC3 RR type Responding with no NSEC/NSEC3 and no authority section from BIG-IP authoritative server.

Impact

DNSSEC Validation failure at resolver.

Conditions

-- Create a Zone in BIND. -- Create DNSSEC zone on BIG-IP. -- Send dig -t nsec3 ZONENAME @BIG_IP_listener +dnssec -- Observer the lack of AUTHORITY SECTION, NSEC3 and RRSIG

Workaround

None

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips