Bug ID 685915: Allow unsigned DNS notifies if a DNS express zone's target server has no TSIG key configured

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,

Fixed In:

Opened: Sep 27, 2017

Severity: 2-Critical


If a DNS Express zone that has Verify Notify TSIG checked gets a notify with no TSIG at all, unsigned notifies are not processed.


Unsigned notifies are not processed


Unigned notify is received when Verify Notify TSIG is checked.


There is no workaround at this time.

Fix Information

This fix corrects an issue in TSIG handling when combined with NOTIFY messages for zone transfers

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips