Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5
Fixed In:
13.0.0, 12.1.5.1
Opened: Jun 01, 2016 Severity: 3-Major
Modifying the System DNS nameserver and search order configuration does not always sync during an incremental sync if modified in the GUI or tmsh modify sys db.
Modifications will not change the sync status nor sync the change to peers.
The device is in a failover device group with incremental sync turned on. In the GUI, modify the DNS Lookup Server List or the DNS Search Domain List fields under System >> Configuration : Device : DNS. In tmsh, tmsh modify sys db dns.nameserver (or dns.domainname), and in some cases tmsh modify sys dns name-servers (or search)
Perform a full sync or use 'tmsh modify sys dns name-servers replace-all-with' or 'tmsh modify sys dns search replace-all-with'. Optionally, to get this setting to sync, modify the file /config/BigDB.dat to set realm=common for [DNS.NameServers] and [DNS.DomainName] and restart mcpd on all devices in the failover device group. However, this file may get overridden on a hotfix or upgrade.
The sys db variables dns.domainname and dns.nameserver will now always sync across your failover device group.