Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP DNS, GTM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Aug 31, 2016 Severity: 3-Major
When a Wide-IP is created, or a pool member is added/removed from a pool associated with the wideip, updates are sent to the on-box BIND to create/update/delete the matching resource records. Some of these updates could possibly be lost if there are a large number of changes happening rapidly.
Not every wideip will have the appropriate resource records in bind. If the BIG-IP is functioning normally and answering DNS queries, then this is not a problem. If GTM is down but the on-box bind is still functioning, BIND could have answered DNS queries for the wideip. This situation could also come up right after the BIG-IP has rebooted where GTM is not fully initialized, but BIND is up.
If the BIG-IP is a member of a DNS/GTM sync-group and "synchronize-zone-files" is enabled.
There are some options: 1) Delete and recreate any affected wideips. Alternatively remove and re-add the pool members. 2) To avoid this condition if you know you will be adding many wideips, you could stop csyncd before and renable right after. "bigstart stop csyncd", create wips, "bigstart start csyncd".
Eliminate race condition with creating BIND resource records when creating many Wide-IPs.
1) Changes made directly to the BIND zone files in /var/named/config/namedb/ will not be automatically reloaded. The recommended steps provided by ISC for bind with dynamic zones should be used to freeze/thaw the zone to prevent conflicts. For example: a. Run 'rndc freeze example.com.' b. <edit the zone file in /var/named/config/namedb making sure to increment the zone serial number> c. Run 'rndc thaw example.com.' Note that BIND will reject dynamic updates while the zone is frozen so the zone should be left frozen only for the shortest amount of time possible. Resource records created by the BIG-IP for Wide-ips or using ZoneRunner will be refused and lost if the zone is frozen. 2) Changes made to /var/named/config/named.conf will not be reloaded automatically if DNS(GTM) is not provisioned. The 'rndc reconfig' or 'rndc reload' command should be used to load any changes made to the named.conf file.