Bug ID 430649: Configuration validation required to ensure DNS or SIP DoS profiles are only associated with virtual servers using DNS or SIP profiles.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:

Fixed In:

Opened: Sep 14, 2013
Severity: 3-Major
Related AskF5 Article:


It is possible to attach a DoS profile that has DNS settings to a virtual-server that doesn't have a DNS profile. The result will be that DNS security doesn't really take place but a user is unaware of this scenario any may think that he has a DoS protection on that VIP. Virtual servers are not protected against DNS and SIP DoS attacks despite the attached dos profiles having corresponding DNS and SIP embedded profiles configured.


Virtual servers aren't protected versus SIP and DNS DoS attacks due to non validated misconfiguration.


Virtual servers are attached with dos profiles having corresponding DNS and/ or SIP embedded profiles configured but not attached with DNS and/ or SIP profiles.


Make sure SIP and/or DNS profiles are attached to the virtual servers.

Fix Information

The system now validates a virtual server to which a DNS DoS and/or SIP DoS profile is assigned, to ensure that the virtual server includes a SIP or DNS profile.

Behavior Change