For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Richard_H_12595's avatar
Richard_H_12595
Icon for Nimbostratus rankNimbostratus
Jun 09, 2014

GTM DNSSEC and dig

In my quest to work with dotgov to get DNSSEC enabled on the GTM (it shouldn't be this hard) the latest thing they are saying is that dig is not returning the DNSKEY records. The command they are us...
BIG-IP DNS
deployment
Cory_50405's avatar
Cory_50405
Icon for Noctilucent rankNoctilucent
Jun 10, 2014

Did you perform a tcpdump to see if a TCP connection was initiated from dotgov and arrived at your GTM?

 

We encountered a strange situation in our environment that I want to bring up as a consideration if you have Cisco Nexus switches in your network. We noticed some DNSSEC queries were failing and upon digging into it, we found our Nexus 7k was doing some fragment inspection and dropping the fragments. The command to turn off fragment inspection is 'no hardware ip verify fragment'. You can check if it's enabled by running 'show hardware ip verify'.