Bug ID 1709845: NSEC3 bitmap is not right when allow-nxdomain-override is enabled

Last Modified: Jan 10, 2025

Affected Product(s):
BIG-IP GTM, LTM(all modules)

Known Affected Versions:
17.1.1.4, 17.1.2

Opened: Oct 25, 2024

Severity: 4-Minor

Symptoms

NSEC3 bitmap uses dnssec.nsec3apextypesbitmap and does not remove qtype from the list.

Impact

DNS responses contain wrong information.

Conditions

Allow-nxdomain-override is enabled and there is no corresponding resource record for the wideip being queried.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips