Bug ID 483021: EDNS0 client subnet option treated as malformed

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP GTM, Link Controller (all modules)

Known Affected Versions:
10.2.2, 10.2.4

Fixed In:
10.2.4 HF12

Opened: Oct 06, 2014

Severity: 3-Major

Related Article: K17328

Symptoms

A query with the EDNS0 client subnet option is treated as malformed by Global Traffic Manager (GTM) and Link Controller, which causes the query to fall back to BIND. On Link Controller, this results in a REFUSED response. On GTM with records in BIND, this results in a sub-optimal non-GSLB answer. On GTM without records, this results in an NXDOMAIN response, which is also bad.

Impact

Queries fail to return a satisfactory response. These should just be Google probes, but failing queries from customer traffic could also be sent with the client-subnet option.

Conditions

Authoritative nameservers receiving queries from an LDNS that is client-subnet option capable, for example, Google DNS. GTM configured to load balance wide IPs; potentially Link Controller. Potentially with or without BIND backup for wide IP names.

Workaround

An iRule that removes EDNS0 options from a query. Note that this only works on LTM-licensed BIG-IP systems; it does not work with a Link Controller license.

Fix Information

Any EDNS0 options are ignored by GTM and not considered malformed.
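
The fixed behavior can be pictured with a small option walker. This is an added example, not F5 code: it builds a constructed query carrying a client-subnet option (option code 8, RFC 7871) plus an option code the parser does not recognize, and steps through the OPT record by length alone, so only a length that does not fit the record counts as malformed. The function names, the sample name and the sample option values are assumptions made for the illustration.

```python
import struct

ECS = 8  # EDNS0 option code for client subnet (RFC 7871)

def ecs_option(prefix, source_len):
    """IPv4 client-subnet option body: family, source length, scope length, address."""
    addr = bytes(int(o) for o in prefix.split("."))[: (source_len + 7) // 8]
    return struct.pack("!HBB", 1, source_len, 0) + addr

def build_query(name, options):
    """A query for `name` with one OPT RR carrying the given (code, data) options."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=flags, RDLENGTH
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + opt

def parse_edns_options(msg):
    """Return [(code, data)] from the query's OPT RR. Only a length that does not
    fit the record is an error; an unrecognised option code is not."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    if (qd, an, ns, ar) != (1, 0, 0, 1):
        raise ValueError("this sketch handles a single question plus one OPT RR")
    pos = 12
    while msg[pos]:                # skip the uncompressed QNAME labels
        pos += msg[pos] + 1
    pos += 5                       # root label, QTYPE, QCLASS
    rtype, _size, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
    rdata = msg[pos + 11:]
    if msg[pos] != 0 or rtype != 41 or len(rdata) != rdlen:
        raise ValueError("bad OPT record")
    opts, i = [], 0
    while i < len(rdata):
        if i + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, olen = struct.unpack("!HH", rdata[i:i + 4])
        if i + 4 + olen > len(rdata):
            raise ValueError("option overruns RDATA")
        opts.append((code, rdata[i + 4:i + 4 + olen]))
        i += 4 + olen
    return opts

# Constructed sample: ECS for 192.0.2.0/24 plus an option code this code knows nothing about.
SAMPLE = build_query("www.example.com", [(ECS, ecs_option("192.0.2.0", 24)), (65001, b"\x01\x02")])

if __name__ == "__main__":
    for code, data in parse_edns_options(SAMPLE):
        print(code, data.hex())
```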

Behavior Change
