Last Modified: Sep 24, 2024
Affected Product(s):
BIG-IP DNS, GTM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5
Opened: Aug 13, 2020
Severity: 3-Major
BIND does not match IPv6 addresses configured for a zone view and returns REFUSED responses instead of the expected answers. After enabling debug logging in BIND (see K14680), the apparent source address of the IPv6 DNS requests is shown as being in the fe80::/96 range, rather than the IPv6 source address that sent the request. For example:
debug 1: client @0x579bf188 fe80::201:23ff:fe45:6701%10#4299: no matching view in class 'IN'
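To confirm that a system is hitting this issue, the BIND debug log can be scanned for "no matching view" refusals whose client address is link-local. The following is an added example, not F5 code: the function name and every sample line except the first are constructed, and it treats any address Python's `ipaddress` reports as IPv6 link-local as the symptom.

```python
import ipaddress
import re
from collections import Counter

# Client prefix BIND writes before "no matching view", e.g.
#   client @0x579bf188 fe80::201:23ff:fe45:6701%10#4299: no matching view in class 'IN'
# The "@0x..." pointer and a "(qname)" suffix are optional across BIND versions.
NO_VIEW = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<addr>[0-9a-fA-F:.]+)(?:%(?P<scope>\w+))?"
    r"#(?P<port>\d+)(?: \([^)]*\))?: no matching view in class '(?P<cls>\w+)'"
)


def find_rewritten_sources(lines):
    """Split 'no matching view' refusals into link-local IPv6 clients and all others.

    Returns (hits, other): Counters keyed by (address, scope id).
    """
    hits, other = Counter(), Counter()
    for line in lines:
        m = NO_VIEW.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # unparseable address: skip rather than guess
        is_symptom = addr.version == 6 and addr.is_link_local
        (hits if is_symptom else other)[(str(addr), m.group("scope"))] += 1
    return hits, other


# First line is the one quoted in this bug report; the rest are constructed samples.
SAMPLE_LOG = [
    "debug 1: client @0x579bf188 fe80::201:23ff:fe45:6701%10#4299: no matching view in class 'IN'",
    "debug 1: client @0x579bf2a0 fe80::201:23ff:fe45:6701%10#4300: no matching view in class 'IN'",
    "debug 1: client @0x579bf3b8 192.0.2.10#5353: no matching view in class 'IN'",
    "debug 1: client @0x579bf4d0 2001:db8::53#4000: no matching view in class 'IN'",
    "debug 1: client @0x579bf5e8 192.0.2.11#5354 (example.com): query: example.com IN A",
]

if __name__ == "__main__":
    hits, other = find_rewritten_sources(SAMPLE_LOG)
    for (addr, scope), n in hits.items():
        print(f"{n} refusal(s) from link-local source {addr} (scope {scope})")
    print(f"{sum(other.values())} refusal(s) from other sources")
```

Refusals counted in the second group come from sources that simply match no view, which points to a view ACL problem rather than this bug.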
You cannot use DNS views in BIND (ZoneRunner) based on IPv6 addresses.
- BIG-IP DNS is provisioned.
- One or more ZoneRunner views are defined using IPv6 addresses.
- A DNS query is sent from an IPv6 source address.
If possible, use only IPv4 addresses to define views for DNS queries.
None