Forum Discussion
SachinB_207389
Nimbostratus
Jan 12, 2017
DNS iRule
Hi guys,
I am a beginner writing iRules. I have to write an iRule on LTM to match a DNS request. The requirement is that if it matches the FQDN and the source is a private IP, it should resolve to a private VIP, else it sh...
Kai_Wilke
MVP
Jan 12, 2017
Hi Sachin,
you can pretty much streamline your iRule by generating the DNS::answer directly within the DNS_REQUEST event. This will make the syntax much simpler and also save a round trip between your F5 and your DNS servers (which is wasted computing power since the DNS::answer always gets replaced).
when RULE_INIT {
    # TTL (in seconds) of the answers generated by this iRule
    set static::whitelist_ttl "300"
}
when DNS_REQUEST {
    # starts_with is a prefix match on the lowercased query name; only A queries are handled
    if { ( [string tolower [DNS::question name]] starts_with "www.domain.tld" )
         and ( [DNS::question type] equals "A" ) } then {
        log local0.debug "DNS Request match..."
        # private_net is a data group holding the client networks treated as private
        if { [class match [IP::client_addr] equals private_net] } then {
            log local0.debug "Client is private..."
            DNS::answer insert "[DNS::question name]. $static::whitelist_ttl [DNS::question class] [DNS::question type] 10.10.10.10"
        } else {
            log local0.debug "Client is public..."
            DNS::answer insert "[DNS::question name]. $static::whitelist_ttl [DNS::question class] [DNS::question type] 193.11.11.1"
        }
        # Send the generated answer to the client without querying the DNS servers
        DNS::return
    }
}
Cheers, Kai
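Added example, not part of Kai's reply and not F5 code: a small Python model of the iRule's decision logic, useful for checking offline which queries get a generated answer and which VIP they receive, including how the prefix match (starts_with) differs from an exact FQDN comparison. It assumes the private_net data group holds the RFC 1918 ranges and that the query class is IN; the function names and the sample queries are constructed for illustration.

```python
import ipaddress

# Assumption: contents of the private_net data group (not shown in the thread).
PRIVATE_NET = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FQDN = "www.domain.tld"
PRIVATE_VIP = "10.10.10.10"
PUBLIC_VIP = "193.11.11.1"
TTL = 300


def name_matches(qname, exact):
    """Case-insensitive comparison; trailing dots are ignored."""
    name = qname.lower().rstrip(".")
    return name == FQDN if exact else name.startswith(FQDN)


def answer(qname, qtype, client_ip, exact=False):
    """Return the record the rule would insert, or None if the query is passed on.

    exact=False models the iRule's starts_with test, exact=True a strict FQDN match.
    """
    if qtype != "A" or not name_matches(qname, exact):
        return None
    addr = ipaddress.ip_address(client_ip)
    # IPv6 clients never match the IPv4 networks and therefore get the public VIP.
    private = any(addr in net for net in PRIVATE_NET)
    vip = PRIVATE_VIP if private else PUBLIC_VIP
    return f"{qname.rstrip('.')}. {TTL} IN {qtype} {vip}"


# Constructed sample queries: (query name, query type, client address)
QUERIES = [
    ("www.domain.tld", "A", "10.1.2.3"),
    ("WWW.Domain.TLD", "A", "198.51.100.7"),
    ("www.domain.tld.example.net", "A", "192.168.1.5"),
    ("www.domain.tld", "AAAA", "10.1.2.3"),
    ("www.domain.tld", "A", "172.32.0.1"),
]

if __name__ == "__main__":
    for qname, qtype, client in QUERIES:
        print(f"{qname} {qtype} from {client}")
        print("  prefix match:", answer(qname, qtype, client))
        print("  exact match: ", answer(qname, qtype, client, exact=True))
```

With the prefix match, a query for a longer name that merely begins with www.domain.tld is also answered locally; the exact comparison passes it on to the DNS servers.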