Bug ID 655233: DNS Express using wrong TTL for SOA RRSIG record in NoData response

Last Modified: Jan 13, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP DNS, LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:, 13.1.0,

Opened: Apr 04, 2017
Severity: 3-Major
Related AskF5 Article:


DNS Express returns an incorrect TTL for the SOA RRSIG record in a NoData response.


This brings the behavior in line with RFC2308. There is no known functional impact.


-- DNS Express configured. -- A query that results in a NoData response and DNSSEC signing requested.


There is no workaround.

Fix Information

The TTL of the RRSIG record now matches the TTL of the covered SOA record.

Behavior Change