Mark_Fenkner_60
Oct 11, 2011 (Nimbostratus)
DNS Blacklisting on GTM
I'm trying to utilize the new iRules feature on the GTM to implement DNS blacklisting. I'd like to use a data group to contain all the blacklist domains, so as a very basic start for testing I tried to do something like the following:
when DNS_REQUEST {
    if { [class match [DNS::rrname] equals dns_blacklist_datagroup] } {
        cname "bad.domain.com"
    }
}
But the problem is that on the GTM side it doesn't recognize the class functions and on the LTM side it doesn't recognize the DNS functions. Does anyone know if this is possible, to use both the class functions and DNS functions in an iRule?
I plan to have the GTM in-line between the clients and DNS servers (i.e. it will load-balance DNS traffic to back-end DNS servers). With that said, I'm not sure where I apply the iRule if I'm successful in getting it to work; on the GTM side, the only place to apply it seems to be on a Wide IP, and on the LTM side the DNS functions don't work. Any idea where to place an iRule to operate on all DNS traffic?
Thanks!
Mark
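The matching logic the iRule above is reaching for, as an added stand-alone model that is not part of the post and not F5 iRule code: the data group is stood in for by a Python set of constructed sample domains, the sinkhole answer is a returned value rather than a real CNAME response, and the `exact_only` switch contrasts the `equals` style match the post uses (exact name only) with a parent-label walk that also catches subdomains of a listed name.

```python
# Added example (not from the DevCentral post): a Python model of the blocklist
# decision the iRule tries to make. The data group is a plain set and the
# "sinkhole" is a return value, so the matching rules can be checked offline.

SINKHOLE_CNAME = "bad.domain.com"   # value taken from the post's iRule

# Constructed sample blocklist, standing in for the dns_blacklist_datagroup data group.
BLACKLIST = {"evil.example", "malware.example.net"}


def normalize(name: str) -> str:
    """Lower-case the query name and strip the trailing root dot, so that
    'Evil.Example.' and 'evil.example' compare equal in the lookup."""
    return name.strip().lower().rstrip(".")


def matches_blocklist(qname: str, blocklist=BLACKLIST, exact_only: bool = False):
    """Return the blocklist entry that qname hits, or None.

    exact_only=True models the 'equals' operator from the post: only a query for
    exactly the listed name is caught. exact_only=False also walks the parent
    labels, so www.evil.example is caught by the entry 'evil.example'. Walking
    whole labels (rather than doing a raw string suffix match) keeps
    'notevil.example' from being a false positive for 'evil.example'.
    """
    name = normalize(qname)
    if name in blocklist:
        return name
    if exact_only:
        return None
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in blocklist:
            return parent
    return None


def handle_query(qname: str, exact_only: bool = False) -> dict:
    """Decide what the listener should do with a query: forward it to the
    back-end DNS pool, or answer it with the sinkhole CNAME."""
    hit = matches_blocklist(qname, exact_only=exact_only)
    if hit is None:
        return {"action": "forward", "qname": normalize(qname)}
    return {
        "action": "cname",
        "qname": normalize(qname),
        "target": SINKHOLE_CNAME,
        "matched": hit,
    }


if __name__ == "__main__":
    for q in ("Evil.Example.", "www.evil.example", "notevil.example", "www.example.com"):
        print(q, "->", handle_query(q))
```

The point of the two modes is that an exact-match data group lookup only sinkholes the listed names themselves, so a lookup for any host under a listed domain passes straight through to the back-end servers; a parent-label walk closes that gap without the false positives a plain string suffix comparison would introduce.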