Bug ID 1037005: iRule command RESOLV::lookup fails to connect to the specified target virtual server when this specifies a certain 'source' IP range.

Last Modified: Apr 11, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
16.1.0, 15.1.3.1

Fixed In:
17.0.0, 16.1.1, 15.1.4

Opened: Jul 28, 2021

Severity: 3-Major

Symptoms

The RESOLV::lookup iRule command fails to connect to the specified target virtual server for DNS resolution. If a tcpdump is collected at the time of the issue, the BIG-IP system can also be seen trying to reach the target virtual server externally, over the network (for example, by sending out ARP requests for the associated IP address). This is incorrect, as the target virtual server is an object living on the BIG-IP system itself.

Impact

DNS resolutions will fail. Extraneous traffic (for destinations internal to the BIG-IP system) is seen on the network.

Conditions

-- Usage of the RESOLV::lookup iRule command against a virtual server.
-- The target virtual server is configured with a 'source' property which encompasses TMM's internal IP address range (for example 127.0.0.0/8, 127.1.1.0/24, etc.).

Workaround

Set the 'source' property of the target virtual server to its default value (0.0.0.0/0).
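
To find virtual servers that match the second condition above on a system running an affected version, the following added example (not F5 code) flags every virtual server whose 'source' is not the default and overlaps the loopback range. It assumes TMM's internal range is 127.0.0.0/8, taken from the examples in Conditions, and that the input has the shape of `tmsh list ltm virtual source` output; the sample configuration and virtual server names are constructed.

```python
import ipaddress
import re

# Assumption: TMM's internal range is treated as IPv4 loopback space, based on
# the examples given under Conditions (127.0.0.0/8, 127.1.1.0/24).
TMM_INTERNAL = ipaddress.ip_network("127.0.0.0/8")
DEFAULT_SOURCE = ipaddress.ip_network("0.0.0.0/0")  # the workaround value

# Constructed sample input; stanza layout is an assumed tmsh-style listing
# that shows only the 'source' property of each virtual server.
SAMPLE_CONFIG = """\
ltm virtual vs_dns_default {
    source 0.0.0.0/0
}
ltm virtual vs_dns_loopback {
    source 127.0.0.0/8
}
ltm virtual vs_dns_tmm_only {
    source 127.1.1.0/24
}
ltm virtual vs_dns_rd1 {
    source 10.20.0.0%1/16
}
ltm virtual vs_dns_v6 {
    source ::/0
}
"""

# Virtual server name, then the first 'source' line inside the same stanza.
VS_SOURCE_RE = re.compile(r"^ltm virtual (\S+) \{[^}]*?^\s+source (\S+)", re.M)

def parse_sources(config_text):
    """Return {virtual_server_name: source_string}."""
    return dict(VS_SOURCE_RE.findall(config_text))

def is_affected(source):
    """True if a non-default IPv4 source overlaps the assumed TMM range."""
    # Drop a route-domain suffix such as "%1" before parsing the CIDR.
    net = ipaddress.ip_network(re.sub(r"%\d+", "", source), strict=False)
    if net.version != 4 or net == DEFAULT_SOURCE:
        return False
    return net.overlaps(TMM_INTERNAL)

def audit(config_text):
    """Names of virtual servers that meet the 'source' condition."""
    return sorted(n for n, s in parse_sources(config_text).items() if is_affected(s))

if __name__ == "__main__":
    for name in audit(SAMPLE_CONFIG):
        print(f"{name}: reset 'source' to 0.0.0.0/0 or upgrade to a fixed version")
```

A flagged virtual server only triggers the bug if it is also the target of a RESOLV::lookup call, so cross-check the results against the iRules in use.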

Fix Information

The RESOLV::lookup iRule command now successfully connects to target virtual servers with a 'source' property which encompasses TMM's internal IP address range.

Behavior Change
