Bug ID 783125: iRule drop command on DNS traffic without Datagram-LB may cause TMM crash

Last Modified: Jun 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP DNS, LTM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,,, 14.0.0,,,,,, 14.1.0,,,,,,, 15.0.0

Opened: May 17, 2019
Severity: 2-Critical


The TMM may crash and restart when an iRule on a DNS virtual server performs the 'drop' command while the BIG-IP system is handling both a DNS request and DNS response at the same time for the same DNS client IP and port without UDP Datagram-LB.


TMM crash or restart. Traffic impacted. Traffic disrupted while tmm restarts.


-- The BIG-IP instance has two or more TMM processes as a result of having two or more physical cores or virtual CPUs. -- A virtual server with both DNS and UDP profiles and one or more iRules. -- The UDP profile has Datagram LB disabled. -- The iRules have a 'drop' command. -- The iRules have a DNS_REQUEST and/or DNS_RESPONSE event with an iRule command that require coordinating data with another TMM on the system, such as the 'table' command.


F5 strongly recommends using a UDP profile with Datagram-LB enabled for DNS UDP virtual servers. Alternatively, replace the 'drop' command with DNS::drop in DNS_REQUEST and DNS_RESPONSE events, or with UDP::drop in other iRule events. See the respective references pages for DNS::drop and UDP::drop for the Valid Events each iRule command is available in: https://clouddocs.f5.com/api/irules/DNS__drop.html https://clouddocs.f5.com/api/irules/UDP__drop.html

Fix Information


Behavior Change