Operational Defect Database

BugZero found this defect 618 days ago.

F5 | 1137217

DNS profile fails to set TC flag for the responses containing RRSIG algorithm 13

Last update date:

5/2/2024

Affected products:

BIG-IP

BIG-IP DNS

Affected releases:

17.1.0

17.0.0

16.1.3

16.1.2

16.1.1

16.1.0

15.1.9

15.1.8

15.1.7

Fixed releases:

No fixed releases provided.

Description:

Bug ID 1137217: DNS profile fails to set TC flag for the responses containing RRSIG algorithm 13

Last Modified: May 02, 2024

Severity: 3-Major

Symptoms:

DNS express sends a malformed response when the UDP size limit is set to 512.

Impact:

Malformed DNS express responses are received when the UDP size limit is set to exactly 512 and a zone is signed with algorithm 13.

Conditions:

- When the UDP size limit is set to 512 and a zone is signed with algorithm 13 (ECDSA Curve P-256 with SHA-256), DNS express responds with a malformed packet.
- Malformed responses were also seen without DNSSEC, when the message size was equal to the EDNS buffer size advertised by the client.
  - Malformed response for nslookup without DNSSEC.

Workaround:

None

Status

Verified