Bug ID 1156753: Valid qname DNS query handled as malformed packets in hardware (qnames starting with underscore)

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM (all modules)

Fixed In:
17.1.1

Opened: Sep 20, 2022

Severity: 3-Major

Symptoms

The 'DNS malformed' DoS vector drops valid DNS queries for qnames that begin with an underscore character.

Impact

Legitimate DNS queries are dropped by the DoS engine.

Conditions

DoS protection is being offloaded to hardware.

Workaround

-- Disable hardware DoS acceleration for all vectors (dos.forceswdos).
or:
-- Disable this specific DoS vector.
-- In some cases, if the request is sent from a known valid IP, you can also add this IP address to an allow list; however, this will bypass all DoS vectors for this IP address.

Fix Information

The 'DNS malformed' DoS vector now correctly handles valid DNS queries for qnames that begin with an underscore character.
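The following added example (not F5 code, and not a description of how the hardware vector is implemented) shows why such queries are well formed: a structural check of the question section under the RFC 1035 wire-format limits (labels of at most 63 octets, names of at most 255 octets) never inspects label characters, so underscore-prefixed qnames pass. The sample names and function names are hypothetical and constructed for illustration.

```python
import struct
# Constructed sample names (hypothetical); underscore labels as used for SRV and DMARC.
SAMPLE_QNAMES = ["_sip._tcp.example.com", "_dmarc.example.com", "www.example.com"]

def encode_qname(name):
    """Encode a dotted name as length-prefixed labels ending in a zero octet."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("qname exceeds 255 octets")
    return bytes(out)

def build_query(name, qtype=1, txid=0x1234):
    """12-byte header (RD set, QDCOUNT=1) followed by one question, class IN."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_qname(name) + struct.pack("!HH", qtype, 1))

def parse_question(packet):
    """Return (qname, qtype, qclass); raise ValueError on wire-format errors only.
    Label contents are never inspected, so '_' is accepted like any other octet."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    pos, labels, total = 12, [], 1  # total counts the terminating zero octet
    while True:
        if pos >= len(packet):
            raise ValueError("truncated qname")
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # this sketch does not follow compression pointers
            raise ValueError("label length over 63")
        if pos + n > len(packet):
            raise ValueError("label overruns packet")
        total += n + 1
        if total > 255:
            raise ValueError("qname exceeds 255 octets")
        labels.append(packet[pos:pos + n].decode("ascii", "backslashreplace"))
        pos += n
    if pos + 4 > len(packet):
        raise ValueError("truncated qtype/qclass")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass
```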

Behavior Change
