Bug ID 724847: DNS traffic does not get classified for AFM port misuse case

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM, PEM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3

Fixed In:
14.1.0, 14.0.0, 13.1.1.4

Opened: Jun 20, 2018

Severity: 3-Major

Related Article: K95010813

Symptoms

When a DNS query name contains a label longer than 23 bytes, the traffic does not get classified as DNS.

Impact

DNS does not get classified properly for some cases.

Conditions

-- AFM provisioned.
-- A port misuse policy for DNS and a service policy configured.
-- DNS query name with label length of greater than 23 bytes.

Workaround

There is no workaround at this time.

Fix Information

The allowed DNS label length is now 64 bytes, so any DNS query name in which each label is fewer than 64 bytes is now properly classified.
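To find which queries in your own traffic meet the condition above, the check below parses the question name from a wire-format DNS message and reports whether any label exceeds 23 bytes. It is an added example, not F5 code; the function names and the sample queries are constructed for illustration, and the 63-byte ceiling is the RFC 1035 label maximum.

```python
import struct

OLD_LIMIT = 23  # per this bug report: labels longer than this were not classified
MAX_LABEL = 63  # RFC 1035 maximum length of a single label

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query for testing (constructed input, not captured traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b""
    for part in name.rstrip(".").split("."):
        raw = part.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError("label must be 1..63 bytes")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def qname_labels(msg):
    """Return the labels of the first question in a wire-format DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    if struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("message carries no question")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[off]
        off += 1
        if n == 0:            # root label terminates the name
            return labels
        if n & 0xC0:          # compression pointer or reserved label type
            raise ValueError("unexpected pointer in question name")
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n])
        off += n

def longest_label(msg):
    """Length in bytes of the longest label in the question name."""
    return max((len(l) for l in qname_labels(msg)), default=0)

def meets_bug_condition(msg):
    """True when a label is longer than 23 bytes, the condition in Bug ID 724847."""
    return longest_label(msg) > OLD_LIMIT

if __name__ == "__main__":
    for n in (23, 24, 63):    # constructed names straddling the old and new limits
        q = build_query("a" * n + ".example.com")
        print(n, longest_label(q), meets_bug_condition(q))
```

Running the same function over payloads extracted from a packet capture shows how much legitimate DNS on an affected version would have met the bug's condition.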

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips