Bug ID 850509: Zone Trusted Signature inadequately maintained, following change of master key

Last Modified: Aug 19, 2024

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1

Fixed In:
16.0.0, 15.1.2, 14.1.4.4, 13.1.5

Opened: Nov 16, 2019

Severity: 2-Critical

Symptoms

During config load or system start-up, you may see the following error: -- 01071769:3: Decryption of the field (privatekey) for object (13079) failed. Unexpected Error: Loading configuration process failed. In some instances, other errors resembling the following may appear: -- Failed to sign zone transfer query for zone DNSZONE01 using TSIG key zone01key.pl. -- Failed to transfer DNSZONE01 from 203.0.113.53, will attempt IXFR (Retry).

Impact

Unable to view TSIG keys. Configuration cannot be loaded. Failures of DNS zone transfers may occur.

Conditions

-- TSIG keys are present in the device configuration. -- The device's master key is changed.

Workaround

None.

Fix Information

When master key changes, TSIG keys are now properly re-encrypted, so this problem no longer exists.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips