Bug ID 632423: DNS::query can cause tmm crash if AXFR/IXFR types specified.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP DNS(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1, 11.6.3.3, 11.5.7

Opened: Dec 07, 2016
Severity: 3-Major
Related AskF5 Article:
K40256229

Symptoms

Passing "AXFR" or "IXFR" as the type to the DNS::query iRule command can cause a tmm crash.

Impact

tmm will crash and restart every time this command is issued. Traffic disrupted while tmm restarts.

Conditions

DNS Express must be enabled when one of the XFR types is used in the DNS::query iRule command.

Workaround

Do not explicitly use AXFR or IXFR query types. If the [DNS::question type] command is being used to dynamically pass in the type, add a preceding check similar to the following: if { not [DNS::question type] ends_with "XFR" } { set rrs [DNS::query dnsx [DNS::question name] [DNS::question type]] }

Fix Information

The iRule now provides an error message in /var/log/ltm indicating that AXFR and IXFR are not valid types to use with the DNS::query command, and no tmm crash occurs as a result.

Behavior Change