Bug ID 483021: EDNS0 client subnet option treated as malformed

Last Modified: Feb 13, 2019


Affected Product:
BIG-IP GTM, Link Controller (all modules)

Known Affected Versions:
10.2.2, 10.2.4

Fixed In:
10.2.4 HF12

Opened: Oct 06, 2014
Severity: 3-Major
Related AskF5 Article:
K17328

Symptoms

A query carrying the EDNS0 client subnet option is treated as malformed by Global Traffic Manager (GTM) and Link Controller, which causes the query to fall back to BIND. On Link Controller this results in a REFUSED response. On GTM with records in BIND this results in a sub-optimal, non-GSLB answer. On GTM without records this results in an NXDOMAIN response, which is also bad.

Impact

Queries fail to return a satisfactory response. These should just be Google probes, but customer traffic could also send queries with the client-subnet option, and those fail as well.

Conditions

Authoritative nameservers receiving queries from an LDNS that is client-subnet option capable, for example, Google DNS. GTM configured to load balance wide IPs; potentially Link Controller as well. Potentially with or without a BIND backup for the wide IP names.

Workaround

Use an iRule that removes EDNS0 options from a query. Note that this works only on BIG-IP systems licensed for LTM; it does not work with a Link Controller license.

Fix Information

Any EDNS0 options are ignored by GTM and not considered malformed.
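
A tolerant parse of the OPT record, in line with the fixed behavior described above: options are split by their length fields, and a client-subnet or unknown option code is returned rather than rejected, so only broken framing counts as malformed. This is an added example, not F5 code; the function names and the sample name and subnet are constructed for illustration.

```python
import struct

OPT_TYPE, ECS_CODE = 41, 8   # OPT pseudo-RR (RFC 6891), client-subnet option (RFC 7871)

def build_query(name, subnet, prefix_len):
    """Constructed test input: A query for `name` carrying an IPv4 client-subnet option."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    addr = bytes(int(o) for o in subnet.split("."))[:(prefix_len + 7) // 8]
    ecs = struct.pack("!HBB", 1, prefix_len, 0) + addr            # family 1 = IPv4, scope 0
    rdata = struct.pack("!HH", ECS_CODE, len(ecs)) + ecs
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + opt

def skip_name(msg, pos):
    while True:
        n = msg[pos]
        if n == 0 or n & 0xC0 == 0xC0:          # root label or compression pointer ends the name
            return pos + (1 if n == 0 else 2)
        pos += 1 + n

def split_options(rdata):
    """Split OPT RDATA into (code, data) pairs; the option code itself is never an error."""
    opts, pos = [], 0
    while pos < len(rdata):
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])   # struct.error if header is short
        if pos + 4 + length > len(rdata):
            raise ValueError("option overruns RDATA")
        opts.append((code, rdata[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return opts

def edns_options(msg):
    """Return the OPT RR's options, or None when the message carries no OPT RR."""
    try:
        qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
        pos = 12
        for _ in range(qd):
            pos = skip_name(msg, pos) + 4                         # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            pos = skip_name(msg, pos)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
            if pos + 10 + rdlen > len(msg):
                raise ValueError("RDATA truncated")
            if rtype == OPT_TYPE:
                return split_options(msg[pos + 10:pos + 10 + rdlen])
            pos += 10 + rdlen
    except (IndexError, struct.error):
        raise ValueError("truncated DNS message") from None
    return None
```
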

Behavior Change