Bug ID 708888: Some DNS truncated responses may not be processed by BIG-IP

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5

Fixed In:
14.0.0, 13.1.0.6

Opened: Mar 05, 2018
Severity: 2-Critical
Related AskF5 Article:
K79814103

Symptoms

On 13.1.x DNS responses with truncated bit set are dropped when AFM DNS DoS is enabled.

Impact

Clients do not receive truncated DNS responses.

Conditions

-- AFM DNS DoS is enabled. -- Using 13.1.x.

Workaround

Disable DNS DoS protection by changing the dos.dnsport variable to another port for which there is no valid traffic. For instance: tmsh modify sys db dos.dnsport value 54

Fix Information

None

Behavior Change