Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5
Fixed In:
13.0.0, 12.1.3.6, 11.6.5.3
Opened: Aug 08, 2016
Severity: 3-Major
When a DNS query sets the RD flag, that setting is supposed to be copied to the response. When a DNS query is handled by a cache local zone, the RD flag is not set properly.
The flag is not set properly in the DNS response. This will most likely be noticed only by protocol validation tools, because standard DNS clients generally do not check this bit.
A DNS cache local zone must be configured and a DNS query with the RD flag set must be handled by this local zone.
Use an equivalent DNS Express configuration instead of the local zone.
The fix is to properly check the RD flag on the query so that it can be copied to the response.
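The check a protocol validation tool performs for this condition can be sketched as follows. This is an added example, not F5 code: the function names are hypothetical, and the query and response bytes are constructed inline rather than captured from a BIG-IP system.

```python
import struct

QR_MASK = 0x8000  # response bit in the 16-bit DNS flags word
RD_MASK = 0x0100  # Recursion Desired bit (RFC 1035, section 4.1.1)

def build_query(txid, qname, rd=True, qtype=1):
    """Build a minimal DNS query: one question, class IN."""
    header = struct.pack("!HHHHHH", txid, RD_MASK if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the header fields needed for the RD comparison."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", msg[:4])
    return {"id": txid, "qr": bool(flags & QR_MASK), "rd": bool(flags & RD_MASK)}

def rd_copied(query, response):
    """True when the response carries the same RD value as the query."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"]:
        raise ValueError("second message is not a response (QR=0)")
    if q["id"] != r["id"]:
        raise ValueError("transaction IDs differ")
    return q["rd"] == r["rd"]

def make_response(query, copy_rd):
    """Constructed test response: echo the query with QR set.

    copy_rd=False clears RD to model a mismatch; this is an assumption
    for the demo, not a statement of how the affected product answers.
    """
    txid, flags = struct.unpack("!HH", query[:4])
    flags |= QR_MASK
    if not copy_rd:
        flags &= ~RD_MASK & 0xFFFF
    return struct.pack("!HH", txid, flags) + query[4:]

if __name__ == "__main__":
    q = build_query(0x1A2B, "host.example.test")  # constructed sample query
    print("RD copied:", rd_copied(q, make_response(q, True)))
    print("RD mismatch detected:", not rd_copied(q, make_response(q, False)))
```

To use it against a live resolver, pass the raw bytes of the query that was sent and the response that was received to `rd_copied`.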