Bug ID 685915: Allow unsigned DNS notifies if a DNS express zone's target server has no TSIG key configured

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Fixed In:
14.0.0

Opened: Sep 27, 2017

Severity: 2-Critical

Symptoms

If a DNS Express zone that has Verify Notify TSIG checked gets a notify with no TSIG at all, unsigned notifies are not processed.

Impact

Unsigned notifies are not processed

Conditions

Unigned notify is received when Verify Notify TSIG is checked.

Workaround

There is no workaround at this time.

Fix Information

This fix corrects an issue in TSIG handling when combined with NOTIFY messages for zone transfers

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips