Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Nov 18, 2016
Severity: 3-Major
Related Article:
K03751651
DNS queries meant for local DNS servers are redirected to corporate DNS servers when a split tunnel is in use. This is typically not a problem because the DNS servers configured in Network Access in APM can probably resolve all the queries. However, some queries might fail to resolve if there are DNS servers configured with local entries.
Some DNS resolutions might fail.
-- DNS server and split tunnel are configured in Network Access configuration on APM.
-- Tunnel established.
-- 'Allow Local DNS servers' is enabled.
None.
Local traffic now resolves with local DNS servers when split tunnel is established and 'Allow Local DNS servers' is enabled.
When 'Allow Local DNS servers' is configured, local DNS servers are now appended to /etc/resolv.conf (after the corporate DNS servers) to allow for local DNS resolution in case resolution fails with the corporate DNS servers. In previous releases, the system ignored local DNS servers and passed all DNS resolution to the corporate DNS servers. On Linux distributions (e.g., Ubuntu) where resolvconf manages /etc/resolv.conf and dnsmasq is enabled, the behavior has not changed: the system appends 127.0.1.1 to the DNS servers configured on the BIG-IP system regardless of the 'Allow Local DNS servers' setting.
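A way to check on a Linux client which of the resolv.conf layouts described above is in effect once the tunnel is up. This is an added example, not F5 code: the addresses are constructed, the state labels are this example's own names, and the three-server cutoff reflects the glibc resolver limit rather than anything stated in this article.

```python
import ipaddress

GLIBC_MAXNS = 3  # glibc's resolver uses only the first three nameserver lines

def parse_nameservers(resolv_text):
    """Return nameserver addresses in file order, skipping comments and other directives."""
    servers = []
    for raw in resolv_text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments (# or ;), search/options lines, blanks
        try:
            servers.append(str(ipaddress.ip_address(parts[1])))
        except ValueError:
            continue  # malformed address: the line cannot be used
    return servers

def check_order(resolv_text, corporate):
    """Classify the nameserver order; labels are this example's own, not F5 terms.

    Returns (state, usable_local): usable_local lists the non-corporate servers
    that fall within the first GLIBC_MAXNS entries.
    """
    corp = {str(ipaddress.ip_address(a)) for a in corporate}
    servers = parse_nameservers(resolv_text)
    is_corp = [s in corp for s in servers]
    usable_local = [s for s, c in zip(servers[:GLIBC_MAXNS], is_corp) if not c]
    if not any(is_corp):
        state = "no-corporate-dns"
    elif all(is_corp):
        state = "corporate-only"            # what releases before the fix produced
    elif "127.0.1.1" in servers:
        state = "dnsmasq-stub"              # resolvconf/dnsmasq case
    elif is_corp == sorted(is_corp, reverse=True):
        state = "corporate-then-local"      # order described for the fix
    else:
        state = "local-before-corporate"
    return state, usable_local

# Constructed sample: two corporate servers pushed by the tunnel, one LAN resolver.
SAMPLE = """# constructed sample
nameserver 10.10.0.53
nameserver 10.10.0.54
nameserver 192.168.1.1
"""

if __name__ == "__main__":
    print(check_order(SAMPLE, ["10.10.0.53", "10.10.0.54"]))
```

An empty `usable_local` alongside `corporate-then-local` means the local servers were appended but sit past the third entry, so a glibc-based client will not query them.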