Bug ID 651961: AVR is not called for DNS packets when AFM is not provisioned.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Mar 17, 2017

Severity: 3-Major

Related Article: K55546132

Symptoms

AVR DNS analytics are not available with avr-dnsstat-sample-rate setting to non-zero on the DNS profile when AFM is not provisioned. When this occurs, the system presents error messages. -- In the GUI, Statistics :: Analytics :: DNS returns a message similar to the following: There is no data to display either due to the lack of relevant traffic, or due to the settings of the filter. -- In tmsh, the command and return message appear as follows: # tmsh show analytics dns report view-by domain-name ---------------------- Analytics query result ---------------------- No data available

Impact

No DNS analytics data available. Cannot see AVR data for DNS resolutions.

Conditions

This issue occurs when all of the following conditions in either scenario are met: Scenario A =========== -- AFM is not provisioned. -- There is a virtual server configured with DNS and Analytics profiles. -- The virtual server processes traffic. Scenario B =========== -- AFM is provisioned. -- The DNS profile option 'enable-dns-firewall' is not set to 'yes' (DNS :: Delivery : Profiles : DNS :: Properties : <profile name> in the GUI). -- A DoS profile (security dos profile) is associated with the virtual server.

Workaround

None.

Fix Information

AVR DNS analytics are now available with avr-dnsstat-sample-rate setting to non-zero on the DNS profile when AFM is not provisioned.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips