Bug ID 490225: Duplicate DNSSEC keys can cause failed upgrade.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP GTM, Install/Upgrade, LTM(all modules)

Known Affected Versions:
10.2.4, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.1.0, 12.0.0, 11.6.0 HF4, 11.5.2, 11.4.1 HF10

Opened: Nov 12, 2014
Severity: 2-Critical
Related AskF5 Article:
K16030

Symptoms

When DNSSEC keys are stored in HSM and the system is upgraded, config load can fail because of duplicate keys in HSM.

Impact

Failed upgrade or config load.

Conditions

DNSSEC keys in HSM. Upgrade or UCS load of configuration that contains the same keys.

Workaround

None.

Fix Information

BIG-IP DNS/mcpd now checks for an existing key and does not import keys that already exist.

Behavior Change