Bug ID 778321: No validation for DNS Address Space entry

Last Modified: Jul 24, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
16.0.0

Opened: Apr 30, 2019
Severity: 3-Major

Symptoms

The GUI allows an admin to enter an IP address in DNS Address Space fields. This causes an exception and prevents the Edge Client from connecting when using machine tunnels.

Impact

Machine Tunnels fail to connect when DNS Address Space is configured, and although the log message written on the client is helpful in resolving the issue, the misconfiguration should not be allowed.

Conditions

The UI accepts an IP Address as valid input, when it should not. If the network access profile is used for the Edge Client, the network works as expected, so essentially the Edge Client ignore the invalid configuration. However, if the same network access profile is used for a Machine Tunnel, the Machine Tunnel creates an exception and the VPN does not load.

Workaround

Remove the IP address in DNS Address Space field.

Fix Information

Validation was added to prevent IP addresses from being added to DNS Address Space and DNS Exclude Address Space.

Behavior Change