Last Modified: Oct 19, 2025
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3
Opened: Feb 29, 2024 Severity: 3-Major
When DNS Express zxfrd loses connection to the upstream DNS provider when updating the zone via AXFR, the entire zone database is emptied out.
This causes clients that rely on DNS Express to not get any responses back and may result in a domain outage.
DNS Express is configured to get zone information from a nameserver, and that nameserver becomes unavailable.
Configure the local bind via zonerunner to act as the secondary server. Then, configure DNS Express to use the local bind (127.0.0.1) as the name server for the zone. One drawback to this is that the local bind server will use up control-plane resources and is not optimized to serve large zones.
None