Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7
Fixed In:
14.0.0, 13.1.0.8
Opened: Jan 24, 2018 Severity: 3-Major
In ID 517347, checking was added to attempt to detect infinite loops caused by improper use of the DNS::return iRule command. This is occasionally catching false positive loops resulting in connections being dropped incorrectly.
If a loop is erroneously detected, the connection will be dropped.
A virtual with a DNS profile that is using the udp profile instead of the udp_gtm_dns profile. An iRule that uses the DNS::return command.
Where possible use the udp_gtm_dns profile instead of udp on virtuals with a DNS profile. Where possible, use a "return" command immediately after the "DNS::return" command to prevent accidentally calling DNS::return multiple times.
The loop detection logic has been removed.