Bug ID 957321: When BIG-IP contains an invalid DNS Resolver, Bot Defense might wrongly classify search engines as malicious

Last Modified: Jan 06, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1

Opened: Oct 20, 2020
Severity: 4-Minor

Symptoms

When the first DNS resolver is invalid, Bot Defense is unable to verify trusted bots, and is classifying them as malicious bots.

Impact

Bot Defense wrongly classifies valid search engines as malicious bots (and might block them if enforcement is enabled).

Conditions

-- First DNS resolver in the list is invalid. -- Bot Defense profile is attached to a virtual server. -- Request from a search engine arrives.

Workaround

Fix the first DNS resolver in the list. It's possible that the first DNS resolver is the built in DNS resolver "f5-aws-dns".

Fix Information

None

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks