Bug ID 1606813: Zone transfer fails for large zones when using TSIG key

Last Modified: Dec 18, 2024

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2

Opened: Jul 09, 2024

Severity: 3-Major

Symptoms

-- Zone transfer fails when DNSSEC is enabled. Malformed records exist in traffic captures. -- Error logs such as err zxfrd[4833]: 01531012:3: Transfer of zone <zone name> failed due to invalid TSIG were seen.

Impact

Zone transfer fails with DNSSEC enabled.

Conditions

-- Larger zone with large number of records -- DNSSEC and TSIG is enabled

Workaround

Zone transfer works fine if DNSSEC is not used on the Master DNSX server.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips