Bug ID 639606: If mcpd fails to load DNSSEC keys then signing does not happen and no error logged

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
16.0.0

Opened: Jan 16, 2017
Severity: 3-Major

Symptoms

MCPD successfully loads configuration when it's not able to decrypt DNSSEC Key generation.

Impact

The configuration successfully loads but BIG-IP is not able to sign Resource Records.

Conditions

MCPD loads configuration with DNSSEC Key generation encrypted by master key which has been changed.

Workaround

None

Fix Information

MCPD throw error if not able to decrypt private text of DNSSEC Key generation with current master key.

Behavior Change