Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.1, 11.5.4 HF3
Opened: Mar 12, 2015 Severity: 3-Major
UDP responses from the DNS cache were not truncated properly. This is primarily seen in DNS tools, such as dig or Wireshark that would mark the response as malformed. Regular resolver clients handled the responses correctly noting the tc bit in the response header.
Packets may be flagged as malformed by DNS packet analyzers. There are no known issues with regular DNS client resolvers.
UDP DNS responses larger than the size requested by the client, typically 512 bytes.
None
The DNS Cache now properly fills in response data and handles truncation as expected.