Bug ID 808893: DNS DoS profile vectors do not function correctly

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM, Install/Upgrade(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
17.0.0, 15.1.0, 14.1.4.6

Opened: Jul 24, 2019

Severity: 3-Major

Symptoms

Clients report that DNS TXT queries are not working. In /var/log/ltm, you see the following error: DOS attack start was detected for vector TXT query DOS.

Impact

DNS DoS detection and mitigation is not functioning correctly.

Conditions

This can occur when DNS profile DoS vectors are enabled. It can be encountered after upgrading.

Workaround

None.

Fix Information

DNS DoS profile vectors are now detected correctly.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips