Bug ID 655233: DNS Express using wrong TTL for SOA RRSIG record in NoData response

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP DNS, LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0.2, 13.1.0, 12.1.3.1

Opened: Apr 04, 2017
Severity: 3-Major
Related AskF5 Article:
K93338593

Symptoms

DNS Express returns an incorrect TTL for the SOA RRSIG record in a NoData response.

Impact

This brings the behavior in line with RFC2308. There is no known functional impact.

Conditions

-- DNS Express configured. -- A query that results in a NoData response and DNSSEC signing requested.

Workaround

There is no workaround.

Fix Information

The TTL of the RRSIG record now matches the TTL of the covered SOA record.

Behavior Change