Last Modified: Nov 07, 2022
Affected Product:
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Opened: Dec 01, 2016
Severity: 3-Major
Linux distributions that use resolvconf to manage /etc/resolv.conf patch this file differently than distributions that do not use the resolvconf utility. On resolvconf-based distributions, the /etc/resolv.conf file always contains an entry for 127.0.0.1 (pointing to a DNS forwarder such as dnsmasq). On non-resolvconf-based distributions, the DNS subsystem appends DNS servers configured in network access for split tunnel and for full tunnel, replacing the DNS server completely. The problem with resolvconf-based distributions is that DNS servers are still prepended for split tunnel, which causes DNS queries to go to the corporate DNS servers even when "Allow Local DNS server" is configured.
DNS queries that should not reach the corporate DNS server are still sent to it on resolvconf-based systems.
A Linux distribution with the resolvconf package configured. Network access in split tunnel mode with a DNS server configured in it. "Allow Local DNS server" configured in network access settings.
To use the behavior expected with /etc/resolv.conf, remove the resolvconf package from the system.
None
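
A check for the prepending behavior described in this entry, as an added example that is not part of the original bug report and is not F5 code: it reads a resolv.conf file and reports whether a tunnel-supplied DNS server is listed ahead of the 127.0.0.1 forwarder, which matters because the resolver tries nameservers in file order. The function names, the sample files and the 192.0.2.53 address are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not F5 code. Sample files and 192.0.2.53 are constructed.

# Print the nameserver addresses from a resolv.conf file, in file order.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# classify FILE TUNNEL_DNS...  prints one of:
#   tunnel-first   a tunnel DNS server is listed before 127.0.0.1
#   local-first    127.0.0.1 is listed before every tunnel DNS server
#   no-loopback    tunnel DNS present but no 127.0.0.1 entry
#   no-tunnel-dns  none of the given tunnel DNS servers are in the file
classify() {
    file=$1; shift
    tunnel_list=" $* "
    loop_pos=0; tun_pos=0; n=0
    for ns in $(nameservers "$file"); do
        n=$((n + 1))
        if [ "$ns" = "127.0.0.1" ] && [ "$loop_pos" -eq 0 ]; then loop_pos=$n; fi
        case "$tunnel_list" in
            *" $ns "*) if [ "$tun_pos" -eq 0 ]; then tun_pos=$n; fi ;;
        esac
    done
    if [ "$tun_pos" -eq 0 ]; then echo no-tunnel-dns
    elif [ "$loop_pos" -eq 0 ]; then echo no-loopback
    elif [ "$tun_pos" -lt "$loop_pos" ]; then echo tunnel-first
    else echo local-first
    fi
}

# Constructed samples: resolvconf-style file with and without the tunnel up.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# constructed sample' 'nameserver 192.0.2.53' \
    'nameserver 127.0.0.1' 'search corp.example' > "$demo_dir/tunnel_up"
printf '%s\n' '# constructed sample' 'nameserver 127.0.0.1' \
    > "$demo_dir/tunnel_down"

for f in tunnel_up tunnel_down; do
    echo "$f: $(classify "$demo_dir/$f" 192.0.2.53)"
done
```

On a client matching the conditions above, a `tunnel-first` result for /etc/resolv.conf while the split tunnel is connected corresponds to the ordering this entry describes.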