Bug ID 556421: Occasional message length miscalculation in DNS messages over TCP

Last Modified: Nov 22, 2021

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.4.1 HF10

Opened: Nov 05, 2015
Severity: 3-Major

Symptoms

DNS messages over TCP passing through a DNS virtual may be marked as corrupt due to a message length miscalculation.

Impact

DNS messages over TCP passing through a DNS virtual may be marked as corrupt due to a message length miscalculation.

Conditions

A virtual must have a DNS profile assigned, a DNS message must be exactly two bytes longer than a multiple of the TCP segment size, and the TCP stack on the DNS client or resolver must bundle the first two bytes (the TCP message length) with the message in the first TCP segment.

Workaround

Use UDP with EDNS instead of TCP if possible. Alternatively, adjust the TCP MSS setting by a few bytes for the DNS virtual.
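
The boundary case named under Conditions can be reproduced offline to test any DNS-over-TCP length handling. The following is an added example, not F5 code and not part of the original bug record: it frames a constructed message with the two-byte length prefix, cuts the stream into MSS-sized payloads, and reassembles it. The names frame, segment, matches_condition, DnsTcpReassembler and reassembles, and the MSS value 1460, are assumptions chosen for illustration, as is reading "TCP segment size" as the MSS.

```python
import struct

def frame(msg: bytes) -> bytes:
    """Prepend the two-byte big-endian length used for DNS over TCP."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a two-byte length prefix")
    return struct.pack("!H", len(msg)) + msg

def segment(stream: bytes, mss: int) -> list:
    """Cut the stream into MSS-sized payloads; the prefix rides in the first."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]

def matches_condition(msg_len: int, mss: int) -> bool:
    """Message is exactly two bytes longer than a non-zero multiple of the MSS."""
    return msg_len > mss and msg_len % mss == 2

class DnsTcpReassembler:
    """Recovers whole DNS messages regardless of where segments are cut."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, payload: bytes) -> list:
        self._buf += payload
        done = []
        while len(self._buf) >= 2:              # prefix itself may arrive split
            (need,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + need:       # body still incomplete
                break
            done.append(bytes(self._buf[2:2 + need]))
            del self._buf[:2 + need]
        return done

def reassembles(msg_len: int, mss: int) -> bool:
    """Frame, segment and reassemble one constructed message; True if intact."""
    msg = bytes(i % 251 for i in range(msg_len))  # constructed filler, not real DNS
    rx, got = DnsTcpReassembler(), []
    for seg in segment(frame(msg), mss):
        got += rx.feed(seg)
    return got == [msg]

if __name__ == "__main__":
    MSS = 1460                                   # constructed sample value
    length = 2 * MSS + 2                         # boundary length from Conditions
    print(matches_condition(length, MSS), reassembles(length, MSS))
    print(matches_condition(length, MSS - 4))    # MSS moved by a few bytes
```

With the MSS moved by a few bytes, the same message length no longer satisfies the stated condition, which is the effect the MSS workaround relies on.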

Fix Information

The DNS message length is now correctly calculated.

Behavior Change