Bug ID 1025497: BIG-IP may accept and forward invalid DNS responses

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
15.1.3, 15.1.4, 15.1.5, 15.1.6, 15.1.7, 15.1.8

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Jun 15, 2021

Severity: 4-Minor


BIG-IP may forward invalid DNS responses to a client if the DNS server provides an invalid response.


Invalid DNS responses are forwarded to the client.


BIG-IP is configured as a proxy for a misbehaving backend DNS server.



Fix Information

The 'dns.responsematching' DB variable has been created to prevent forwarding invalid responses. When the DB variable 'dns.responsematching' is enabled, DNS responses will be matched by transaction ID, query name, and the client's and server's IP addresses and port numbers.
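
The response matching described above, as an added Python example (not F5's code): a table of outstanding queries keyed on transaction ID, query name, and both endpoints' address and port. The class and function names, the single-question restriction, and the sample messages built by build() are assumptions made for illustration.

```python
import struct

def parse_question(msg: bytes):
    """Return (txid, is_response, qname) for a DNS message carrying one question."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].lower())  # DNS names compare case-insensitively
        pos += n
    return txid, bool(flags & 0x8000), b".".join(labels)

class ResponseMatcher:
    """Tracks outstanding queries; accepts a response only if every field matches."""
    def __init__(self):
        self.pending = set()

    def query_sent(self, msg, client, server):
        txid, is_response, qname = parse_question(msg)
        if is_response:
            raise ValueError("not a query")
        self.pending.add((txid, qname, client, server))

    def accept(self, msg, src, dst):
        try:
            txid, is_response, qname = parse_question(msg)
        except ValueError:
            return False  # malformed responses are never forwarded
        key = (txid, qname, dst, src)  # a response travels server -> client
        if not is_response or key not in self.pending:
            return False
        self.pending.discard(key)  # one response per outstanding query
        return True

def build(txid, name, response=False):
    """Constructed sample message: header plus one question (type A, class IN)."""
    qname = b"".join(bytes([len(l)]) + l for l in name.encode().split(b".")) + b"\x00"
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```

Here `client` and `server` are `(ip, port)` tuples for the endpoint that sent the query and the endpoint it was sent to; a response is accepted only when it arrives from that server address to that client address with the same transaction ID and query name.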

Behavior Change
