Forum Discussion

jrmorris_151361
Dec 23, 2014

DNS:rrtype undefined procedure

I am trying to create the following iRule to help rate limit DNS queries for amplification protection as noted in a few articles. But I get an undefined error. I've confirmed DNS:rrtype is a good variable.

01070151:3: Rule [/Common/dns_amplification_protection] error: /Common/dns_amplification_protection:2: error: [undefined procedure: DNS::rrtype][DNS::rrtype]

when DNS_REQUEST {
  if { ([DNS::rrtype] eq "TXT") } {
     rateclass dns_rate_shape
     }
}

when DNS_RESPONSE {
  if { [DNS::len] > 512 } {
     rateclass dns_rate_shape
     }
}

Thanks.

  • What version, and I'm assuming this is an LTM rule, not GTM?
  • DNS::rrtype is a GTM-only iRules command. If manipulating DNS on an LTM virtual server, use the DNS::type command instead.

    Note that manipulating DNS from LTM iRules with the dns profile requires an active GTM or DNS services license.

  • Thanks. Should I be doing this on GTM instead? I was going to apply it to the LTM VIPs so I could apply the rate class. I do have active GTM licenses.

    Thanks.

    Also...does this look correct?

    when DNS_REQUEST {
      if { ([DNS::type $rr] == "TXT") } {
         rateclass dns_rate_shape
         }
    }
    
    when DNS_RESPONSE {
      if { [DNS::len] > 512 } {
         rateclass dns_rate_shape
         }
    }
    
  • The $rr is undefined in this case. That's more appropriate with an answer with several resource records (and requires a foreach loop as shown in the example code on the rdata wiki page to get the rr variable defined). I think you want something like this instead:

    when DNS_REQUEST {
      if { [DNS::question type] eq "TXT" } {
        rateclass dns_rate_shape
      }
    }
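
The two forms discussed in the last reply, side by side, as an added example that is not from any of the posts above: the request handler reads the single question's type, while the response handler shows the foreach loop that defines `$rr` for `DNS::type`. It assumes an LTM virtual server with a DNS profile attached and an existing rate class named `dns_rate_shape` (the name used in the thread); shaping responses that contain TXT records is an illustrative extension of the original rule.

```tcl
# Added example: assumes a DNS profile on the virtual server and an
# existing rate class called dns_rate_shape (name taken from the thread).

when DNS_REQUEST {
    # A query carries one question, so its type is read directly;
    # no resource-record object is needed here.
    if { [DNS::question type] eq "TXT" } {
        rateclass dns_rate_shape
    }
}

when DNS_RESPONSE {
    # Responses larger than 512 bytes are shaped, as in the original rule.
    if { [DNS::len] > 512 } {
        rateclass dns_rate_shape
        return
    }

    # The answer section can hold several resource records. Iterating
    # over DNS::answer is what defines $rr, which DNS::type then inspects.
    foreach rr [DNS::answer] {
        if { [DNS::type $rr] eq "TXT" } {
            rateclass dns_rate_shape
            break
        }
    }
}
```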