Bug ID 724847: DNS traffic does not get classified for AFM port misuse case

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP AFM, PEM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3

Fixed In:
14.1.0, 14.0.0, 13.1.1.4

Opened: Jun 20, 2018
Severity: 3-Major
Related Article:
K95010813

Symptoms

When a DNS query name has a label longer than 23 bytes, the traffic does not get classified as DNS.

Impact

DNS does not get classified properly for some cases.

Conditions

-- AFM provisioned.
-- A port misuse policy for DNS and a service policy configured.
-- DNS query name with label length of greater than 23 bytes.
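
To check whether DNS traffic seen on a network meets the last condition, the following added example (not F5 code and not part of the original report) parses the question name of a DNS message in wire format and lists any labels longer than 23 bytes. The function names and the sample queries are constructed for illustration, and the code does not reproduce the BIG-IP classifier.

```python
import struct

# From the bug report: labels longer than this were not classified as DNS
AFFECTED_LABEL_LIMIT = 23

def qname_labels(message):
    """Return the labels of the first question name in a wire-format DNS message."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", message[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while True:
        if pos >= len(message):
            raise ValueError("QNAME runs past end of message")
        length = message[pos]
        if length == 0:  # root label terminates the name
            return labels
        if length & 0xC0:
            # Top bits set means a compression pointer or reserved label type,
            # neither of which is expected in a query's question name.
            raise ValueError("unexpected label type in QNAME")
        pos += 1
        if pos + length > len(message):
            raise ValueError("label runs past end of message")
        labels.append(message[pos:pos + length])
        pos += length

def labels_over_limit(message, limit=AFFECTED_LABEL_LIMIT):
    """Labels in the question name that exceed `limit` bytes."""
    return [l.decode("ascii", "replace") for l in qname_labels(message) if len(l) > limit]

def build_query(name, qtype=1):
    """Constructed sample input: a minimal DNS query (one question, class IN)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed samples: one ordinary name, one with a 24-byte label
SHORT_QUERY = build_query("www.example.com")
LONG_QUERY = build_query("a" * 24 + ".example.com")

if __name__ == "__main__":
    for q in (SHORT_QUERY, LONG_QUERY):
        print(qname_labels(q), "->", labels_over_limit(q) or "no label over 23 bytes")
```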

Workaround

There is no workaround at this time.

Fix Information

The allowed DNS label length is now 64 bytes, so any DNS query name in which each label is fewer than 64 bytes is now properly classified.

Behavior Change