Bug ID 452443: DNS cache resolver cannot send egress traffic on a VLAN with src-ip or dst-ip cmp hash configured

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP GTM (all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.5.3, 11.6.1, 11.5.5

Opened: Mar 14, 2014

Severity: 3-Major

Symptoms

DNS cache resolver or validating resolver does not function properly and fails to resolve DNS requests.

Impact

It is difficult to both use non-default cmp hashes on system VLANs and use a DNS cache resolver on the same BIG-IP system.

Conditions

BIG-IP system is using non-default cmp hashes configured on its egress VLANs.

Workaround

Configure a separate VLAN for the cache resolver's use that uses the default cmp hash. Set the system's default route to direct resolver traffic to this VLAN. This VLAN can be placed in a new route domain, if other features require route domain zero's default route pointing elsewhere.
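
To check which VLANs match the condition above and which could carry resolver traffic under the workaround, the following added example (not F5 code) parses saved `tmsh list net vlan` output. The sample stanzas and VLAN names are constructed, and the script assumes a stanza with no cmp-hash line uses the default hash.

```python
import re

# Constructed sample in the style of `tmsh list net vlan` output; names are made up.
SAMPLE = """\
net vlan external {
    cmp-hash src-ip
    interfaces {
        1.1 { }
    }
    tag 4094
}
net vlan internal {
    cmp-hash dst-ip
}
net vlan resolver_egress {
    interfaces {
        1.3 { }
    }
    tag 4092
}
"""

def vlan_cmp_hashes(config_text):
    """Map each VLAN name to its cmp-hash; assumes a missing attribute means 'default'."""
    hashes, current, depth = {}, None, 0
    for line in config_text.splitlines():
        stripped = line.strip()
        header = re.match(r"net vlan (\S+) \{$", stripped)
        if depth == 0 and header:
            current, depth = header.group(1), 1
            hashes[current] = "default"
            continue
        if current is None:
            continue
        # Only read attributes at the top level of the stanza, not in nested blocks.
        attr = re.match(r"cmp-hash (\S+)$", stripped)
        if depth == 1 and attr:
            hashes[current] = attr.group(1)
        depth += stripped.count("{") - stripped.count("}")
        if depth == 0:
            current = None
    return hashes

def split_vlans(config_text):
    """Return (VLANs matching the bug's condition, VLANs usable for the workaround)."""
    hashes = vlan_cmp_hashes(config_text)
    affected = sorted(n for n, h in hashes.items() if h != "default")
    usable = sorted(n for n, h in hashes.items() if h == "default")
    return affected, usable
```

If the second list is empty, no existing VLAN satisfies the workaround and a new one with the default cmp hash is needed.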

Fix Information

DNS cache resolver or validating resolver now functions properly, successfully resolving DNS requests when using non-default cmp hashes configured on its egress VLANs.

Behavior Change
