Bug ID 2224853: BIG-IP DNS may not respond to RRSIG type queries correctly with DNSSEC zones

Last Modified: Apr 20, 2026

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.1.3.1, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5

Opened: Feb 16, 2026

Severity: 2-Critical

Symptoms

BIG-IP DNS may not return RRSIG records when queried directly via RRSIG type queries on DNSSEC-enabled zones.

Impact

BIG-IP DNS may not respond to RRSIG type queries correctly. The response may differ for records under the zone apex: if they exist, the response is NODATA; if they do not exist, the response is NXDOMAIN. BIG-IP should respond with RRSIG for all types, as this is a valid request.

Conditions

A DNSSEC zone is created on BIG-IP DNS and a DNS query with type RRSIG is sent.
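To check a listener for the symptom described above, the following added example (not F5 code) builds a type RRSIG query and classifies the raw response as NODATA, NXDOMAIN, or an answer carrying RRSIG records. The function names, the `example.com` names and the sample responses are constructed for illustration.

```python
import struct

RRSIG = 46  # RR type code for RRSIG (RFC 4034)

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_rrsig_query(name, txid=0x1234):
    # One question: QNAME, QTYPE=RRSIG, QCLASS=IN
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", RRSIG, 1)

def skip_name(msg, off):
    # Offset just past a name that may end in a compression pointer
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, rrsigs = 12, 0
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        rrsigs += rtype == RRSIG
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"
    if rcode != 0:
        return "RCODE_%d" % rcode
    return "RRSIG_ANSWER" if rrsigs else "NODATA"

def sample_response(name, rcode, with_rrsig=False):
    # Constructed response bytes for offline testing; not captured from a BIG-IP
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, int(with_rrsig), 0, 0)
    body = build_rrsig_query(name)[12:]
    if with_rrsig:
        rdata = struct.pack("!HBBIIIH", 1, 13, 3, 300, 0, 0, 0) + encode_name("example.com") + b"\x00" * 64
        body += b"\xc0\x0c" + struct.pack("!HHIH", RRSIG, 1, 300, len(rdata)) + rdata
    return hdr + body
```

Against a live listener, send the bytes from `build_rrsig_query` over UDP port 53 and pass the reply to `classify`; a result of `NODATA` or `NXDOMAIN` for a name in a signed zone matches the behavior in this bug.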

Workaround

NA

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips