Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP DNS, LTM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2
Fixed In:
13.0.0, 12.1.2 HF1, 11.6.1 HF2
Opened: Oct 07, 2016 Severity: 3-Major
A DNS query with the DO-bit set to 1 will bypass the RPZ filter on a DNS Cache.
Queries with DO-bit set to 1 will bypass the RPZ filter and be answered normally.
A DNS Cache configured with RPZ.
None
The DO-bit is now ignored with respect to RPZ filtering.