Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP DNS
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7
Fixed In:
12.1.4, 11.6.3.4, 11.5.8
Opened: Nov 19, 2018
Severity: 3-Major
DNS Express does not always include an EDNS OPT Record in responses to queries that contain an EDNS OPT Record.
DNS Express responses might not contain the RFC-required ENDS0 record. Some compliance tools and upstream DNS servers may consider the BIG-IP non-compliant, and report it as such. This is occurring now because of the changes coming that remove certain workarounds on February 1st, 2019. This is known as DNS Flag Day. All network configurations on the internet will be affected by this change, but only some DNS servers will be negatively impacted. Fixes for this issue handle the conditions that were once handled by those workarounds.
Queries to DNS Express containing an ENDS0 record it does not understand.
None.
Corrected EDNS OPT record handling in DNS Express. Note: The EDNS Compliance Tester should produce output similar to the following when run against DNS Express: example1.com. @10.10.10.125 (ns.example1.com.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok ednstcp=ok
