Bug ID 490225: Duplicate DNSSEC keys can cause failed upgrade.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP GTM, Install/Upgrade, LTM(all modules)

Known Affected Versions:
10.2.4, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.2, 11.4.1 HF10

Opened: Nov 12, 2014
Severity: 2-Critical
Related AskF5 Article:


When DNSSEC keys are stored in HSM and the system is upgraded, config load can fail because of duplicate keys in HSM.


Failed upgrade or config load.


DNSSEC keys in HSM. Upgrade or UCS load of configuration that contains the same keys.



Fix Information

BIG-IP DNS/mcpd now checks for an existing key and does not import keys that already exist.

Behavior Change