Bug ID 957321

Bug Tracker
ID 957321

Bug ID 957321: When BIG-IP contains an invalid DNS Resolver, Bot Defense might wrongly classify search engines as malicious

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6

Opened: Oct 20, 2020

Severity: 4-Minor

Symptoms

When the first DNS resolver is invalid, Bot Defense is unable to verify trusted bots, and is classifying them as malicious bots.

Impact

Bot Defense wrongly classifies valid search engines as malicious bots (and might block them if enforcement is enabled).

Conditions

-- First DNS resolver in the list is invalid. -- Bot Defense profile is attached to a virtual server. -- Request from a search engine arrives.

Workaround

Fix the first DNS resolver in the list. It's possible that the first DNS resolver is the built in DNS resolver "f5-aws-dns".

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips