Bug ID 703545: DNS::return iRule "loop" checking disabled

Last Modified: May 14, 2019

Affected Product:
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7

Fixed In:
14.0.0, 13.1.0.8

Opened: Jan 24, 2018
Severity: 3-Major

Symptoms

In ID 517347, checking was added to attempt to detect infinite loops caused by improper use of the DNS::return iRule command. This check occasionally reports false-positive loops, which results in connections being dropped incorrectly.

Impact

If a loop is erroneously detected, the connection will be dropped.

Conditions

A virtual with a DNS profile that uses the udp profile instead of the udp_gtm_dns profile, and an iRule that uses the DNS::return command.

Workaround

Where possible, use the udp_gtm_dns profile instead of udp on virtuals with a DNS profile. Where possible, use a "return" command immediately after the "DNS::return" command to prevent accidentally calling DNS::return multiple times.
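The second workaround, shown as an added example that is not taken from the bug report or from F5: two alternative versions of the same iRule, one where a query can reach DNS::return twice and one where each DNS::return is followed by "return". The hostname, address and matching conditions are constructed for illustration.

```tcl
# Version 1 (fall-through): a query for sinkhole.example.com with
# type ANY matches both branches, so DNS::return is called twice
# within a single DNS_REQUEST event.
when DNS_REQUEST {
    if { [DNS::question name] equals "sinkhole.example.com" } {
        # Constructed answer record using a documentation address.
        DNS::answer insert "[DNS::question name]. 60 [DNS::question class] A 192.0.2.10"
        DNS::return
    }
    if { [DNS::question type] equals "ANY" } {
        DNS::header rcode REFUSED
        DNS::return
    }
}

# Version 2 (workaround applied): "return" ends this event handler
# right after DNS::return, so the second branch is never evaluated
# for a query that was already answered by the first.
when DNS_REQUEST {
    if { [DNS::question name] equals "sinkhole.example.com" } {
        DNS::answer insert "[DNS::question name]. 60 [DNS::question class] A 192.0.2.10"
        DNS::return
        return
    }
    if { [DNS::question type] equals "ANY" } {
        DNS::header rcode REFUSED
        DNS::return
        return
    }
}
```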

Fix Information

The loop detection logic has been removed.

Behavior Change