Bug ID 596815: System DNS nameserver and search order configuration does not always sync to peers

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All (all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5

Fixed In:
13.0.0, 12.1.5.1

Opened: Jun 01, 2016

Severity: 3-Major

Symptoms

Changes to the System DNS nameserver and search order configuration do not always sync during an incremental sync when they are made in the GUI or with 'tmsh modify sys db'.

Impact

The modifications do not change the sync status and are not synced to peers.

Conditions

The device is in a failover device group with incremental sync turned on. In the GUI, the DNS Lookup Server List or the DNS Search Domain List fields under System >> Configuration : Device : DNS are modified. In tmsh, the change is made with 'tmsh modify sys db dns.nameserver' (or dns.domainname) and, in some cases, with 'tmsh modify sys dns name-servers' (or search).

Workaround

Perform a full sync or use 'tmsh modify sys dns name-servers replace-all-with' or 'tmsh modify sys dns search replace-all-with'. Optionally, to get this setting to sync, modify the file /config/BigDB.dat to set realm=common for [DNS.NameServers] and [DNS.DomainName] and restart mcpd on all devices in the failover device group. However, this file may get overridden on a hotfix or upgrade.
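
As an added example (not F5 code), the shell functions below report the realm= value of the [DNS.NameServers] and [DNS.DomainName] sections, so the manual edit can be re-checked on each device, for instance after a hotfix or upgrade. They assume BigDB.dat uses the INI-style layout implied above ([Section] headers followed by key=value lines); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the BigDB.dat realm workaround for the two DNS sections.
# Assumption: INI-style file, "[Section]" header lines followed by key=value lines.

# bigdb_realm FILE SECTION -> prints the realm value of SECTION (nothing if absent)
bigdb_realm() {
    awk -v want="[$2]" '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing blanks and CR
        /^\[/ { insec = ($0 == want); next }      # track which section we are in
        insec && /^realm=/ { print substr($0, 7); exit }
    ' "$1"
}

# check_dns_realms FILE -> one status line per section; returns 1 if any is not "common"
check_dns_realms() {
    rc=0
    for s in DNS.NameServers DNS.DomainName; do
        r=$(bigdb_realm "$1" "$s")
        if [ "$r" = "common" ]; then
            echo "OK       [$s] realm=common"
        else
            echo "NOT SET  [$s] realm=${r:-<missing>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real BigDB.dat); keys other than realm= are illustrative.
write_sample() {
    cat > "$1" <<'EOF'
[DNS.NameServers]
type=string
realm=local
[DNS.DomainName]
type=string
realm=common
[Some.Other.Key]
realm=local
EOF
}

# Demo on the constructed sample; runs offline.
sample=$(mktemp)
write_sample "$sample"
check_dns_realms "$sample" || echo "at least one DNS section is not realm=common"
rm -f "$sample"
```

On a device, call check_dns_realms /config/BigDB.dat; a non-zero return means at least one of the two sections is not set to realm=common.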

Fix Information

The sys db variables dns.domainname and dns.nameserver will now always sync across your failover device group.
