Bug ID 1037005: iRule command RESOLV::lookup fails to connect to the specified target virtual server when this specifies a certain 'source' IP range.

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
16.1.0, 15.1.3.1

Fixed In:
16.1.1, 15.1.4

Opened: Jul 28, 2021
Severity: 3-Major

Symptoms

The RESOLV::lookup iRule command fails to connect to the specified target virtual server for DNS resolving purposes. If a tcpdump is collected at the time of the issue, the BIG-IP system can also be seen trying to reach the target virtual server externally, over the network (for example, by sending out ARP requests for the associated IP address). This is incorrect, as the target virtual server is an object living on the BIG-IP itself.

Impact

DNS resolutions will fail. Extraneous traffic (for destinations internal to the BIG-IP system) is seen on the network.

Conditions

-- Usage of the RESOLV::lookup iRule command against a virtual server. -- The target virtual server is configured with a 'source' property which encompasses TMM's internal IP address range (for example 127.0.0.0/8, 127.1.1.0/24, etc.).

Workaround

Set the 'source' property of the target virtual server to its default value (0.0.0.0/0).

Fix Information

The RESOLV::lookup iRule command now successfully connects to target virtual servers with a 'source' property which encompasses TMM's internal IP address range.

Behavior Change