Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.9, 15.1.8, 15.1.7
Fixed In:
17.5.0, 17.1.2, 16.1.5
Opened: Aug 17, 2022 Severity: 3-Major
DNS express sends a malformed response when the UDP size limit is set to 512.
Malformed DNS express responses are received when the UDP size limit is set to exactly 512 and a zone is signed with algorithm 13.
- The UDP size limit is set to 512 and a zone signed with algorithm 13 (ECDSA Curve P-256 with SHA-256), the DNS express responds with a malformed packet. - Malformed responses were also seen without DNSSec; when the message size was equal to the EDNS buffer size advertised by the client. --Malformed response for nslookup without DNSSec.
None
None