Bug ID 1824009: When DNS64 is enabled, resolver cache passes SERVFAIL responses to the client

Last Modified: Mar 26, 2025

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.5.0

Opened: Feb 22, 2025

Severity: 3-Major

Symptoms

When a DNS profile is configured with both Secondary DNS64 (and Prefix) and a resolver cache, a response from an authoritative server of SERVFAIL to a AAAA query is sent directly to a client

Impact

SERVFAIL response is directly send back to the client

Conditions

- DNS64 enabled in the DNS profile - DNS resolver cache configured

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips