Follow

Issue: CNAME records may fail to return any DNS results if SSL Certificate does not match Hostname

 

Description

  • CNAME records may fail to return any DNS results if SSL Certificate does not match Hostname

Environment

  • Silverline WAF
    • Proxy
    • Proxy is only deployed to a regional pop (no megapops)
    • SSL Certificate
  • Regional PoPs

Cause

  • Due to mismatch Common Name of an SSL certificate, Silverline's DNS monitors may fails to populate appropriate IPs for a given CNAME
    • Example
      • dig xxxxx.example.gslb.f5silverline.com
        ;; connection timed out; no servers could be reached

Resolution

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request