Last Modified: Sep 13, 2023
Known Affected Versions:
15.1.3, 188.8.131.52, 15.1.4, 184.108.40.206, 15.1.5, 220.127.116.11, 15.1.6, 18.104.22.168, 15.1.7, 15.1.8, 22.214.171.124, 126.96.36.199
17.1.0, 16.1.4, 15.1.9
Opened: Jun 15, 2021 Severity: 4-Minor
BIG-IP may forward invalid DNS responses to a client if the DNS server provides an invalid response.
Invalid DNS responses are forwarded to client.
BIG-IP configured as a proxy for a misbehaving backend DNS server.
The 'dns.responsematching' DB variable has been created to prevent forwarding invalid responses. When the DB variable 'dns.responsematching' is enable, DNS responses will be matched by transaction ID, query name, and the client's and server's IP addresses and port numbers.