Last Modified: Dec 17, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
17.5.1.3
Opened: Oct 26, 2025 Severity: 2-Critical
Tmm crashes are observed for specific configurations where log_data_autodos or related settings (log_data_dos_nxdomain) are used. The crash occurs for every 1 to 2 hours after DNS NXDOMAIN learning begins. Logs from the crash may indicate issues in protocol_dns_dos_nxdomain_field_attack_name() function or references to log_data_dos_nxdomain. DNS NXDOMAIN learning fails entirely and does not function as expected, preventing proper logging or learning.
Traffic disrupted while tmm restarts.
This can occur 1-2 hours after enabling log_data_autodos or log_data_dos_nxdomain
Set the dos.dnsnxdomain.learnperiod parameter to a larger value that is more comfortable for the situation.
None