Last Modified: Nov 22, 2021
Affected Product:
BIG-IP LTM
Known Affected Versions:
11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.4.1 HF10
Opened: Nov 05, 2015
Severity: 3-Major
DNS messages over TCP passing through a DNS virtual may be marked as corrupt due to a message length miscalculation.
Conditions:
All of the following must hold: the virtual server has a DNS profile assigned; the DNS message is exactly two bytes longer than a multiple of the TCP segment size; and the TCP stack on the DNS client or resolver sends the two-byte length prefix (the TCP message length field) together with the start of the message in the first TCP segment.
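To make the triggering shape concrete, the following added example (not F5 code, and not derived from BIG-IP internals) implements the DNS-over-TCP framing from RFC 1035 section 4.2.2 and reassembles messages from a stream that has been cut into segments of an assumed, artificially small MSS. The query, the MSS value and the segment boundaries are constructed here for illustration; the point it shows is that a correct receiver takes the message length only from the two-byte prefix and never from where a segment happens to end, so the message survives whether the prefix is bundled with the body, split from it, or followed by a second message in the same segment.

```python
import struct

# Constructed sample: a minimal DNS query (RFC 1035 section 4.1), not captured traffic.
def build_query(qname, qtype=1, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # qtype, class IN
    return header + question

def frame_for_tcp(message):
    """Prefix the message with its two-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def segment(stream, mss):
    """Cut a byte stream into TCP-segment-sized chunks (assumed MSS, no headers)."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]

class DnsTcpReassembler:
    """Rebuild DNS messages from arbitrary chunks of a TCP byte stream."""
    def __init__(self):
        self._buf = b""

    def feed(self, chunk):
        self._buf += chunk
        complete = []
        while len(self._buf) >= 2:
            (mlen,) = struct.unpack("!H", self._buf[:2])  # length excludes the prefix
            if len(self._buf) < 2 + mlen:
                break  # wait for the rest of this message
            complete.append(self._buf[2:2 + mlen])
            self._buf = self._buf[2 + mlen:]  # anything left starts the next message
        return complete

def reassemble(segments):
    r = DnsTcpReassembler()
    messages = []
    for seg in segments:
        messages.extend(r.feed(seg))
    return messages

def demo(mss=9):
    """Reproduce the advisory's shape: message length == k * MSS + 2, prefix bundled."""
    msg = build_query("example.com")          # 29 bytes
    assert (len(msg) - 2) % mss == 0          # 29 == 3 * 9 + 2 with the assumed MSS
    segs = segment(frame_for_tcp(msg), mss)   # prefix rides in the first segment
    return len(msg), len(segs), reassemble(segs) == [msg]

if __name__ == "__main__":
    print(demo())
```

The reassembler reports a message as complete only once `2 + mlen` bytes have accumulated; a receiver that instead counts the prefix as part of the message body, or that treats a segment boundary as a message boundary, is the kind of length bookkeeping the advisory describes, and it would misjudge exactly the `k * MSS + 2` case shown in `demo()`.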
Workaround:
Use UDP with EDNS instead of TCP if possible. Alternatively, adjust the TCP MSS setting by a few bytes for the DNS virtual.
Fix Information:
The DNS message length is now correctly calculated.