Mark_Fenkner_60
Oct 11, 2011Nimbostratus
DNS Blacklisting on GTM
I'm trying to utilize the new iRules feature on the GTM to implement DNS blacklisting. I'd like to use a data group to contain all the blacklist domains, so as a very basic start for testing I tried ...
Hey Mark,
This may be addressed in V11.1. I quickly tested a few examples on an 11.1 GTM.
Hugh O. recently shared a DNS Blacklist solution he worked on which may be more than you need, but you can likely leverage some of it. It's a good read regardless :)
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086519/v111-DNS-Blackhole-with-iRules.aspx
and
http://devcentral.f5.com/wiki/iRules.DNS_Blackhole.ashx
One thing with these links: it may have been done on an LTM/GTM, where the GUI exposes the LTM iRule and Virtual. On a GTM standalone I tested with, I used tmsh to add the LTM datagroup, iRule, and then associate the rule to the GTM Listener. The cname command seems to be valid only with a GTM listener, so on the LTM side I used DNS::answer. This was a quickie, so it may need more tweaking:
when DNS_REQUEST {
    # Look the queried name up in the dns_blacklist string data group (exact match).
    if { [class match [DNS::question name] equals dns_blacklist] } {
        # Replace whatever answer would have been built with a single CNAME,
        # then hand the response back without any further GTM processing.
        DNS::answer clear
        DNS::answer insert "[DNS::question name] 30 IN CNAME www.google.com"
        DNS::return
    }
}
- b
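A worked version of the tmsh steps b describes above (data group, iRule, listener binding, and a client-side check), as an added example that is not part of the original thread. The listener name and address, the blacklisted names and the sinkhole target are assumptions.

```tmsh
# Constructed example: interactive tmsh session on a standalone GTM.
# dns_listener, 192.0.2.53, the listed names and sinkhole.example are
# assumed values for illustration only.

# 1. String data group holding the blacklisted names. Keys are compared
#    with "equals", so store each name exactly as it arrives in the query.
(tmos)# create ltm data-group internal dns_blacklist type string records add { malware.example { } phish.example { } }
(tmos)# list ltm data-group internal dns_blacklist

# 2. The iRule. DNS::return comes last so the rewritten answer is the one
#    that is sent. Point the CNAME at a sinkhole host you control rather
#    than a third party, so blocked lookups never leave your own logging.
(tmos)# create ltm rule dns_blacklist_rule {
    when DNS_REQUEST {
        if { [class match [DNS::question name] equals dns_blacklist] } {
            DNS::answer clear
            DNS::answer insert "[DNS::question name] 30 IN CNAME sinkhole.example"
            DNS::return
        }
    }
}

# 3. Bind the rule to the GTM listener and persist the configuration.
(tmos)# modify gtm listener dns_listener rules { dns_blacklist_rule }
(tmos)# save sys config

# 4. Check from a client: the listed name should come back as the CNAME
#    to the sinkhole, the unlisted one should resolve as before. The short
#    TTL (30s) in the iRule keeps list changes effective quickly.
$ dig @192.0.2.53 malware.example A
$ dig @192.0.2.53 www.example A
```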