Bug ID 1075001: Types 64-65 in IPS Compliance 'Unknown Resource Record Type'

Last Modified: Apr 24, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,,, 17.0.0,,

Opened: Jan 21, 2022

Severity: 3-Major


Protocol Inspection compliance type 'Unknown Resource Record Type' (ID 10002) lists ranges of type ID numbers (62-98, 110-248, 259-32767, 32770-65535) that are considered 'unknown'. The hard-coded ranges include 64 (SVCB) and 65 (HTTPS), which is not accurate for some types of configurations. The inability to specify the ranges in 'Unknown Record Type' may impact some traffic because there are increasing numbers of DNS queries with Type ID of 64 - SVCB and 65 - HTTPS - (still in draft) observed with the introduction of iOS 14 and macOS 11.


DNS request records with 64 and 65 are blocked. The severity of this impact depends on your traffic.


When DNS profile in IPS 'Unknown Resource Record Type' is configured as Rejected.


Although there is no workaround, you can install an updated Protocol Inspection IM package (pi_updates_15.1.0-20220215.0652.im or later) from the F5 Downloads site under the ProtocolInspection-LatestUpdate entry on the version-specific downloads page.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips