Symptoms

A query with EDNS0 client subnet option is treated as malformed by Global Traffic Manager (GTM) and Link Controller which causes query to fall back to BIND. On Link Controller this results in REFUSED response. On GTM with records in Bind this results in a sub-optimal non-GSLB answer. On GTM without records, this results in an NXDOMAIN, also bad.

Impact

Queries fail to return satisfactory response. These should just be Google probes, but failing queries from customer traffic could also be sent with client-subnet option.

Conditions

Authoritative nameservers receiving queries from LDNS which is client-subnet option capable, for example, Google DNS. GTM configured to LB wideips; potentially LC. Potentially with or without Bind backup for wideip names.

Workaround

iRule which removes EDNS0 options from a query. Note this only works with LTM licensed BIG-IP systems; this will not work with an LC license.

Fix Information

Any EDNS0 options are ignored by GTM and not considered malformed.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips