We were using a DNS VS listening on port 53 but configured to handle TCP protocol as shown here:
ltm virtual /Common/VS_DNS {
destination /Common/10.10.10.10:53
ip-protocol tcp
mask 255.255.255.255
pool /Common/pool_dns
profiles {
/Common/tcp { }
}
source 0.0.0.0/0
source-address-translation {
pool /Common/SNAT-10.10.10.10
type snat
}
translate-address enabled
translate-port enabled
}
An iRule was using RESOLV::lookup against the configured TCP VS. RESOLV::lookup uses UDP requests and since the VS was configured to handle only TCP, the F5 crashed with core file generated.
According to F5 Engineers, bug alias 570575 is associated with this condition where RESOLV::lookup against a TCP Virtual Server causes the F5 to crash generating a core file in /var/core/
The workaround involved using “ip-protocol” as “any” and “profiles” as “fastL4” for a configuration that looks like this:
ltm virtual /Common/VS_DNS {
destination /Common/10.10.10.10:53
ip-protocol any
mask 255.255.255.255
pool /Common/pool_dns
profiles {
/Common/fastL4 { }
}
source 0.0.0.0/0
source-address-translation {
pool /Common/SNAT-10.10.10.10
type snat
}
translate-address enabled
translate-port enabled
}