Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP DNS, GTM
Known Affected Versions:
11.5.5, 11.5.6, 11.5.7, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.1.0
Fixed In:
15.0.0, 14.1.0.1, 14.0.0.4, 13.1.1.4, 12.1.4, 11.6.3.4, 11.5.8
Opened: Nov 14, 2018 Severity: 3-Major
A configured DNS resolving cache returns a response with two OPT records when the response is truncated and not in the cache.
A DNS message with multiple OPT records is considered malformed and will likely be dropped by the client.
This can occur when: -- A DNS resolving cache is configured. -- The DNS query being handled is not already cached. -- The response for the query must be truncated because it is larger than the size the client can handle (either 512 bytes or the buffer size indicated by an OPT record in the query).
A second query will return the cached record, which will only have one OPT record.
DNS cache resolver now returns the correct response under these conditions.