Bug ID 497584: The RA bit on DNS response may not be set

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP GTM, LTM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF9

Opened: Dec 18, 2014

Severity: 3-Major

Related Article: K17308


Under some circumstances, the recursion available (RA) bit may be unset in responses from DNS cache.


The impact of this issue is that recursion available is not signaled to clients so they may not treat the DNS cache as an available resolver.


If the system caches a message from the authoritative server without the rd bit, and subsequent queries with rd set find that message, the first message will not be used because the rd bit is not set. In this case, the operation falls back to the rrset cache and composes a message, but leaves the RA bit unset. This is appropriate for the transparent cache, but not the non-transparent cache.


To work around this issue, write an iRule to set the RA bit when the cache is a resolver. Must also check origin for CACHE.

Fix Information

The RA bit is set for the response when the cache resolver answers the query from the fast path.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips