Last Modified: Nov 20, 2023
BIG-IP DNS, GTM, LTM
Known Affected Versions:
22.214.171.124, 15.1.3, 126.96.36.199, 15.1.4, 188.8.131.52, 15.1.5, 184.108.40.206, 15.1.6, 220.127.116.11, 15.1.7, 15.1.8, 18.104.22.168, 22.214.171.124, 15.1.9, 126.96.36.199
Opened: Feb 22, 2023 Severity: 3-Major
TMM leaks memory for Domain Name System Security Extensions (DNSSEC) requests.
TMM memory utilization increases over time and could crash due to Out of Memory (OOM) issue.
DNSSEC signing process is unable keep pace with the incoming DNSSEC requests.
A new DB variable dnssec.signwaitqueuecap is introduced to configure the limit for the software based crypto operations for DNSSEC. You can throttle the incoming DNSSEC requests based on the count of outstanding DNSSEC requests on crypto software queue. tmsh modify sys db dnssec.signwaitqueuecap value <value> this value sets the capacity per TMM process.