Bug ID 1010697: Invoking the RESOLV::lookup iRule command with a virtual server name as argument may cause the command to use the incorrect virtual server for the DNS resolution.

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP DNS, GTM(all modules)

Known Affected Versions:
16.1.0, 15.1.3.1

Fixed In:
16.1.1, 15.1.4

Opened: Apr 12, 2021
Severity: 3-Major

Symptoms

The RESOLV::lookup iRule command may target an incorrect virtual server (i.e. something other than the one specified by the BIG-IP Administrator in the iRule).

Impact

As an incorrect virtual server receives the DNS query, no response, or an incorrect response, may be returned to the iRule command (which may in turn cause application failures).

Conditions

-- The RESOLV::lookup iRule command is invoked specifying a virtual server name as argument. -- The virtual server specified as argument to the command shares the same IP/port/route-domain combination with other virtual servers on the system (so that the only difference between the virtual servers is another configuration property, such as 'vlans' or 'source').

Workaround

Specify a virtual server as argument which doesn't share the same IP/port/route-domain combination with any other virtual server on the system.

Fix Information

The RESOLV::lookup iRule command now connects to the correct virtual server specified by name.

Behavior Change