For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Alliey_13's avatar
Chris_Alliey_13
Icon for Nimbostratus rankNimbostratus
Oct 03, 2016

GTM - How do we drop all AAAA requests from our listeners ??

I would like to drop all AAAA requests, or respond with a 'noerror' if possible. I can't seem to find an irules that can be applied to a listener. I can create an irules and assign it to WIPs, but that is doesn't help me stop traffic from going past the listener. I am trying to avoid any traffic for AAAA from going to our pool of DNS servers.

 

Thanks,

 

Chris

 

BIG-IP DNS
iRules
security

3 Replies

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Oct 03, 2016

    There is a SOL about this:

     

    https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7851.html

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Oct 03, 2016

    Hi,

    try this irule enabled on the Listener:

    when DNS_REQUEST {
if {[DNS::question type] equals "AAAA" }{
   DNS::header rcode NOERROR
   DNS::return 
   }   
}