Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.1.5, 12.1.4
Opened: Jul 18, 2018
Severity: 3-Major
During zone transfers into DNS Express, partial zone data may be available until the transfer completes.
Partial zone data will be served, including possible NXDOMAIN or NODATA messages. This happens until zone1 finishes and saves to the database, at which time both zones' data will be complete and correct.
-- Two zones being transferred during the same time period
   + zone1.example.net
   + zone2.example.net
-- Transfer of zone1 has started, but not finished.
-- zone2 starts a transfer and finishes before zone1 finishes, meaning that the database might be updated with all of the zone2 data, and only part of the zone1 data.
The workaround is to limit the number of concurrent transfers to 1. However, this severely limits the ability of DNS Express to update zones in a timely fashion if there are many zones and many updates.
All zone transfers are now staged until they are complete. The zone transfer data is then saved to the database. Only when the zone data has completed updating to the database will the data be available to queries.
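The race and the staged fix described above, as an added example that is not F5 code. It is a simplified model: the class names, the record data, and the assumption that a finishing transfer saves every in-flight zone are constructed for illustration only.

```python
class Store:
    def __init__(self, live):
        self.live = {z: dict(r) for z, r in live.items()}  # data visible to queries
        self.pending = {}                                   # in-flight transfers

    def receive(self, zone, name, rdata):
        self.pending.setdefault(zone, {})[name] = rdata

    def query(self, zone, name):
        return self.live.get(zone, {}).get(name, "NXDOMAIN")


class UnstagedStore(Store):
    """Affected behaviour (modelled): a save publishes all in-flight zones."""
    def finish(self, zone):
        for z, records in self.pending.items():
            self.live[z] = dict(records)   # partial zones become visible too
        del self.pending[zone]


class StagedStore(Store):
    """Fixed behaviour (modelled): only the completed zone is published."""
    def finish(self, zone):
        self.live[zone] = self.pending.pop(zone)


# Constructed sample data: the previously loaded copy of zone1.
OLD = {"zone1.example.net": {"www": "192.0.2.10", "mail": "192.0.2.20"}}


def scenario(store_cls):
    s = store_cls(OLD)
    z1, z2 = "zone1.example.net", "zone2.example.net"
    s.receive(z1, "www", "192.0.2.11")     # zone1 transfer has started
    s.receive(z2, "www", "198.51.100.5")   # zone2 starts ...
    s.finish(z2)                           # ... and finishes before zone1
    during = s.query(z1, "mail")           # answer while zone1 is incomplete
    s.receive(z1, "mail", "192.0.2.21")
    s.finish(z1)
    after = s.query(z1, "mail")            # answer once zone1 has been saved
    return during, after


if __name__ == "__main__":
    print("unstaged:", scenario(UnstagedStore))
    print("staged:  ", scenario(StagedStore))
```

In the unstaged model the mid-transfer query for a record that exists in zone1 returns NXDOMAIN; in the staged model the previous zone data keeps being served until zone1 completes.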