Forum Discussion

Mark_Fenkner_60's avatar
Mark_Fenkner_60
Icon for Nimbostratus rankNimbostratus
Oct 11, 2011

DNS Blacklisting on GTM

I'm trying to utilize the new iRules feature on the GTM to implement DNS blacklisting. I'd like to use a data group to contain all the blacklist domains, so as a very basic start for testing I tried ...
application delivery
dev
devops
iRules
bvanlieu's avatar
bvanlieu
Icon for Nimbostratus rankNimbostratus
Dec 29, 2011
Hey Mark,

 

 

This may be addressed in V11.1. I quickly tested a few examples on a 11.1 GTM.

 

 

Hugh O. recently shared a DNS Blacklist solution he worked on which may be more then you need, but you

 

can likely leverage some of it. Its a good read regardless :)

 

 

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086519/v111-DNS-Blackhole-with-iRules.aspx

 

 

and

 

 

http://devcentral.f5.com/wiki/iRules.DNS_Blackhole.ashx

 

 

One thing with these links: it may have been done on an LTM/GTM, where the GUI exposes the LTM irule and Virtual. ON a GTM

 

standalone I tested with, I used tmsh to add the ltm datagroup, irule, and then associate the rule to the GTM Listener.

 

 

the cname command seems to be valid only with a GTM listener, so on the LTM side I used DNS::answer. This was a quickie, so

 

it may need more tweaking:

 

 

when DNS_REQUEST {

 

if { [class match [DNS::question name] eq dns_blacklist] } {

 

DNS::return

 

DNS::answer clear

 

DNS::answer insert "[DNS::question name] 30 IN CNAME www.google.com"

 

}

 

}

 

 

- b