Last Modified: Oct 15, 2025
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3
Fixed In:
17.5.1
Opened: Nov 27, 2024 Severity: 3-Major
When BIG-IP processes responses from upstream name servers, it strips the Extended DNS Error (EDE) information, which provides additional details about the cause of DNS errors.
DNS clients will not receive additional information about the cause of DNS errors.
-- BIG-IP is configured with a listener that has a DNS profile to process DNS queries. -- DNS requests from clients include the EDNS (Extension Mechanisms for DNS) flag.
None
With the fix, BIG-IP is now able to process and respond to clients with Extended DNS Errors (EDE) information that it receives from upstream name servers. We have exposed the fix through a Db variable called dns.forwardextendeddnserrorcode. By default, the Extended DNS Errors(EDE) support is disabled. If you want to enable EDE support you can change the Db variable value to enable. sys db dns.forwardextendeddnserrorcode { value "enable" } To avoid truncation due to lengthy extra text that is part of the EDE, we have limited it to 64 bytes.