Bug ID 685915: Allow unsigned DNS notifies if a DNS express zone's target server has no TSIG key configured

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP DNS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
14.0.0

Opened: Sep 27, 2017
Severity: 2-Critical

Symptoms

If a DNS Express zone that has Verify Notify TSIG checked gets a notify with no TSIG at all, unsigned notifies are not processed.

Impact

Unsigned notifies are not processed

Conditions

Unigned notify is received when Verify Notify TSIG is checked.

Workaround

There is no workaround at this time.

Fix Information

This fix corrects an issue in TSIG handling when combined with NOTIFY messages for zone transfers

Behavior Change