Bug ID 957321: When BIG-IP contains an invalid DNS Resolver, Bot Defense might wrongly classify search engines as malicious

Last Modified: Jan 06, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,

Opened: Oct 20, 2020
Severity: 4-Minor


When the first DNS resolver is invalid, Bot Defense is unable to verify trusted bots, and is classifying them as malicious bots.


Bot Defense wrongly classifies valid search engines as malicious bots (and might block them if enforcement is enabled).


-- First DNS resolver in the list is invalid. -- Bot Defense profile is attached to a virtual server. -- Request from a search engine arrives.


Fix the first DNS resolver in the list. It's possible that the first DNS resolver is the built in DNS resolver "f5-aws-dns".

Fix Information


Behavior Change