Bug ID 1311169: DNSSEC response is not signed when failure-rcode-response is enabled and no record is returned

Last Modified: Jul 24, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Fixed In:
17.1.1, 16.1.5

Opened: Jun 21, 2023

Severity: 4-Minor

Symptoms

The DNS response to a DNSSEC request for a DNSSEC zone is not signed.

Impact

DNS response is not signed.

Conditions

1. A DNSSEC zone exists.
2. Return Code on Failure is enabled and SOA Negative Caching TTL is set to 0.
3. A query hits that wideIP and does not get a pool member selected.

Workaround

Set SOA Negative Caching TTL to a number larger than 0.
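
To check for the symptom, or to confirm the workaround, a raw DNS response can be inspected for RRSIG records. The following is an added example, not F5 code: it parses the DNS wire format with the Python standard library and reports the rcode and RRSIG count. The two sample messages, the name www.example.com, the rcode value 3 and the zero-filled RDATA are constructed for illustration and were not captured from a BIG-IP.

```python
import struct

RRSIG, OPT = 46, 41  # RR type codes (RFC 4034, RFC 6891)

def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def rrsig_report(msg):
    """Return (rcode, number of RRSIG records) for a raw DNS response."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    rrsigs = 0
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen  # fixed RR fields plus RDATA
        rrsigs += rtype == RRSIG
    return flags & 0x000F, rrsigs

def is_unsigned(msg):
    """True when a response to a DO=1 query carries no signature at all."""
    return rrsig_report(msg)[1] == 0

# --- Constructed sample messages (not captured from a BIG-IP) ---
def _name(n):
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\x00"

def _rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 0, len(rdata)) + rdata

def _response(rcode, authority):
    hdr = struct.pack("!6H", 0x1234, 0x8400 | rcode, 1, 0, len(authority), 1)
    question = _name("www.example.com") + struct.pack("!HH", 1, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0x8000, 0)  # EDNS0, DO bit set
    return hdr + question + b"".join(authority) + opt

PTR = b"\xc0\x10"  # compression pointer to "example.com" inside the question name
UNSIGNED = _response(3, [])  # failure rcode, no RRSIG: the symptom
SIGNED = _response(3, [_rr(PTR, 6, b"\x00" * 22), _rr(PTR, RRSIG, b"\x00" * 18)])
```

Pass `rrsig_report` the UDP payload of a response to a query that was sent with the DO bit set; a result with zero RRSIG records from a DNSSEC zone matches the symptom.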

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips