Bug ID 655233: DNS Express using wrong TTL for SOA RRSIG record in NoData response

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP DNS, LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0.2, 13.1.0, 12.1.3.1

Opened: Apr 04, 2017

Severity: 3-Major

Related Article: K93338593

Symptoms

DNS Express returns an incorrect TTL for the SOA RRSIG record in a NoData response.

Impact

This brings the behavior in line with RFC2308. There is no known functional impact.

Conditions

-- DNS Express configured. -- A query that results in a NoData response and DNSSEC signing requested.

Workaround

There is no workaround.

Fix Information

The TTL of the RRSIG record now matches the TTL of the covered SOA record.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips