Bug ID 1132925: Bot defense does not work with DNS Resolvers configured under non-zero route domains

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:, 14.1.5,,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 17.0.0,,

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Aug 01, 2022

Severity: 4-Minor


When a DNS Resolver is configured under a non-zero route domain, the bot defense does not use the DNS resolver to perform DNS queries, resulting in some bots not being detected.


Some bots are not detected by bot defense mechanism.


DNS Resolver is configured under non-zero route domain.


Configure DNS Resolver under route domain 0.

Fix Information

Enhanced bot defense to use resolvers from any corresponding route domain. However, bot defense does not support route domain modification of DNS resolvers. Resolvers must be deleted and created again in the correct route domain.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips