Operational Defect Database

BugZero found this defect 808 days ago.

F5 | 1084917

Excluded domain public route to excluded DNS-resolved IP addresses is not added

Last update date:

5/9/2024

Affected products:

APM-Clients

APM-Clients APM

Affected releases:

7.2.1.5

7.2.2

7.2.2.1

7.2.2.2

7.2.3

7.2.3.1

7.2.4

7.2.4.2

7.2.4.3

7.2.4.4

7.2.4.5

7.2.4.6

Fixed releases:

No fixed releases provided.

Description:

Bug ID 1084917: Excluded domain public route to excluded DNS-resolved IP addresses is not added

Last Modified: May 09, 2024

Symptoms

Public routes to excluded domain scope resolved IP addresses (by DNS relay proxy) do not get added on transition from machine tunnel to Edge Client or from Edge Client to machine tunnel.

Impact

Depending on the configuration, the traffic to the excluded DNS may end up inside the tunnel, and if it is not reachable via the tunnel, then there is no connectivity to these destinations.

For example, this might occur in a split tunnel configuration that has an include scope as 0.0.0.0/0 and some exclude address space like 8.8.8.8/32 and has excluded DNS as site-not-reachable-via-tunnel.com, *.site-not-reachable-via-tunnel.com.

If exclude routes are not added for IP addresses resolved for site-not-reachable-via-tunnel.com, traffic to site-not-reachable-via-tunnel.com will go inside the tunnel due to the routing table.

Conditions

Status

Resolved
