Bug ID 685915: Allow unsigned DNS notifies if a DNS express zone's target server has no TSIG key configured

Last Modified: Nov 22, 2021

Affected Product:
BIG-IP DNS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.1, 13.1.3, 13.1.4

Fixed In:

Opened: Sep 27, 2017
Severity: 2-Critical


If a DNS Express zone that has Verify Notify TSIG checked receives a notify with no TSIG at all, the unsigned notify is not processed.


Unsigned notifies are not processed.


An unsigned notify is received when Verify Notify TSIG is checked.


There is no workaround at this time.

Fix Information

This fix corrects an issue in TSIG handling when combined with NOTIFY messages for zone transfers.

Behavior Change