Bug ID 963237: Non-EDNS responses with RCODE FORMERR are blocked by AFM MALFORM vector.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5, 14.0.0, 14.0.1, 14.1.0, 14.1.2, 14.1.3, 15.0.0, 15.0.1, 15.1.0, 15.1.1, 15.1.2, 16.0.0, 16.0.1

Fixed In:
16.1.0, 15.1.3, 14.1.4

Opened: Nov 06, 2020

Severity: 3-Major


Symptoms

When a client sends a DNS request to a non-EDNS-capable server, the server may send a legitimate response with RCODE FORMERR and no DNS data. The MALFORM DNS vector blocks those responses.


Impact

AFM erroneously detects an attack and mitigates it, and the client does not get a response from the EDNS server.


Conditions

-- The client sends a DNS request to a non-EDNS-capable server.
-- The server replies with RCODE FORMERR and no DNS data.


Workaround

Disable DNS MALFORM vector mitigation or put the EDNS server in the allow list.
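
To confirm from a packet capture that dropped traffic matches this bug rather than a real malformed-DNS attack, the following added Python example (not F5 code, and not how AFM classifies packets) recognizes the exchange described above. It assumes the request carried an EDNS OPT record, which is what prompts FORMERR from a server without EDNS support, and that "no DNS data" means zero answer, authority and additional records; the function names and sample packets are constructed for illustration.

```python
import struct

FORMERR, OPT = 1, 41  # RCODE 1 (format error); RR type 41 (EDNS OPT)

def header(msg):
    """Unpack the fixed 12-byte DNS header."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg)
    return {"id": ident, "qr": flags >> 15, "rcode": flags & 0xF,
            "qd": qd, "an": an, "ns": ns, "ar": ar}

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def has_opt(msg):
    """True if any resource record in msg is an OPT pseudo-record."""
    h = header(msg)
    off = 12
    for _ in range(h["qd"]):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(h["an"] + h["ns"] + h["ar"]):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == OPT:
            return True
        off += 10 + rdlen
    return False

def is_non_edns_formerr(query, response):
    """EDNS query answered by FORMERR with no records: the false-positive case."""
    try:
        q, r = header(query), header(response)
        return (q["qr"] == 0 and has_opt(query) and r["qr"] == 1
                and r["id"] == q["id"] and r["rcode"] == FORMERR
                and r["an"] == r["ns"] == r["ar"] == 0)
    except (struct.error, IndexError):
        return False  # truncated input: not the pattern described here

# Constructed sample packets (not from a real capture).
QUERY = (bytes.fromhex("1a2b 0100 0001 0000 0000 0001")         # header, ARCOUNT=1
         + b"\x07example\x03com\x00" + bytes.fromhex("0001 0001")  # A IN
         + bytes.fromhex("00 0029 1000 00000000 0000"))         # OPT, UDP size 4096
FORMERR_REPLY = bytes.fromhex("1a2b 8101 0000 0000 0000 0000")  # header only
```

A pair for which `is_non_edns_formerr` returns true is a candidate for the allow-list workaround rather than evidence of an attack.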

Fix Information


Behavior Change
