Bug ID 936361: IPv6-based bind (named) views do not work

Last Modified: Nov 23, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP DNS, GTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2

Opened: Aug 13, 2020
Severity: 3-Major

Symptoms

Bind does not match IPv6 addresses configured for a zone view, and returns REFUSED responses, rather than the expected answers. After enabling debug logging in bind (see K14680), the apparent source address of the IPv6 DNS requests shows as being in the fe80::/96 range, rather than the IPv6 source address that sent the request. For example: debug 1: client @0x579bf188 fe80::201:23ff:fe45:6701%10#4299: no matching view in class 'IN'

Impact

You cannot use DNS views in bind (zonerunner) based on IPv6 addresses.

Conditions

- BIG-IP DNS is provsioned - One or more ZoneRunner views is defined using IPv6 addresses. - A DNS query is sent from an IPv6 source address

Workaround

If possible, use only IPv4 addresses to define views for DNS queries

Fix Information

None

Behavior Change