Bug ID 703545: DNS::return iRule "loop" checking disabled

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:

Fixed In:

Opened: Jan 24, 2018

Severity: 3-Major


In ID 517347, checking was added to attempt to detect infinite loops caused by improper use of the DNS::return iRule command. This is occasionally catching false positive loops resulting in connections being dropped incorrectly.


If a loop is erroneously detected, the connection will be dropped.


A virtual with a DNS profile that is using the udp profile instead of the udp_gtm_dns profile. An iRule that uses the DNS::return command.


Where possible use the udp_gtm_dns profile instead of udp on virtuals with a DNS profile. Where possible, use a "return" command immediately after the "DNS::return" command to prevent accidentally calling DNS::return multiple times.

Fix Information

The loop detection logic has been removed.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips