Last Modified: Oct 07, 2023
Affected Product(s):
BIG-IP DNS, LTM
Known Affected Versions:
11.2.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5
Fixed In:
13.1.0, 13.0.0, 12.1.3.6, 11.6.5.3
Opened: Jan 06, 2017 Severity: 3-Major Related Article:
K60414305
A DNS Validating Resolver incorrectly validates DNS responses received from A queries made as a result of a front-end AAAA query received on a profile with DNS64 configured. A SERVFAIL response may be sent to the client unless the Validating Resolver cache has previously successfully validated a front-end A query. In this scenario where the A records already exist in the cache, the expected DNS64 AAAA records are synthesized.
Incorrect SERVFAIL responses for AAAA queries that should get valid responses.
This issue may be observed with a DNS Validating Resolver configured on a DNS profile with DNS64 configured when processing AAAA queries.
None.
DNS validation now occurs as expected, resulting in valid answers to AAAA queries.