JWhitesPro_1928
Jun 21, 2016
Cirrostratus
DNS Whitelist Responses
Does anyone know if an iRule already exists that accomplishes the following:
DNS Request comes in from client
If the request matches an entry in a datagroup table the request is allowed to proce...
- Jun 21, 2016
VernonWells
Employee
    when DNS_REQUEST {
        # Reject the query when its lowercased name is found in the data group
        if { [class match [string tolower [DNS::question name]] equals "dg-allowed-dns-queries"] } {
            reject
        }
    }
JWhitesPro_1928
Jun 21, 2016
Cirrostratus
I came up with something similar while testing. The above that you posted would reject anything in the list, correct?
    when DNS_REQUEST {
        # Names found in the data group are sent to the DNS pool
        if { [class match [string tolower [DNS::question name]] equals "dg-allowed-dns-requests"] } {
            pool dns_servers
            log local0. "DNS Request is: [DNS::question name]"
        } else {
            # Everything else is dropped and logged
            discard
            log local0. "No request match: [DNS::question name]"
        }
    }
Set your DNS profile to not use anything (GSLB, etc.).
Create the datagroup with only the string (no value required).
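An offline model of the allow/discard decision in the second iRule above, as an added example that is not part of the original thread and is not F5 code. It parses the question name from a DNS query in wire format, lowercases it and applies an exact match, so a candidate list can be checked against sample queries before it goes into the data group. The `ALLOWED` set, the helper names and the dot-joined name without a trailing dot are assumptions of this model.

```python
import struct

# Constructed allowlist, standing in for the string data group in the thread.
ALLOWED = {"www.example.com", "mail.example.com"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query packet (constructed test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def question_name(packet):
    """Extract the first question name from a DNS query in wire format."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length > 63:          # pointers/reserved bits are not valid here
            raise ValueError("bad label length in question")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels)

def decide(packet, allowed=ALLOWED):
    """Return 'pool' for allowlisted names and 'discard' for everything else."""
    try:
        name = question_name(packet).lower()   # same normalisation as string tolower
    except ValueError:
        return "discard"                       # fail closed on unparseable input
    # Exact match only: a subdomain or parent of a listed name is not allowed.
    return "pool" if name in allowed else "discard"
```

Because the match is exact, every host name that should resolve has to be listed individually; a listed `www.example.com` does not cover `example.com` or `dev.www.example.com`.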