Bug ID 490225: Duplicate DNSSEC keys can cause failed upgrade.

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP GTM, Install/Upgrade, LTM(all modules)

Known Affected Versions:
10.2.4, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.2, 11.4.1 HF10

Opened: Nov 12, 2014

Severity: 2-Critical

Related Article: K16030


When DNSSEC keys are stored in HSM and the system is upgraded, config load can fail because of duplicate keys in HSM.


Failed upgrade or config load.


DNSSEC keys in HSM. Upgrade or UCS load of configuration that contains the same keys.



Fix Information

BIG-IP DNS/mcpd now checks for an existing key and does not import keys that already exist.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips