GTM DNS REQUEST

Question

Hi All,
I need an IRule for GTM so when I receive a DNS Request if it is looking for;
.gcsx.gov.uk or gsi.gov.uk (and there are a few more domains) then forward it to Pool 1 or if it is looking for nhs.uk forward it to Pool 2 or if it is looking for any think else forward it to its default Pool.
Is this possible (I hope it is !!!) ? &nbsp;

cory_50405 · Answer

This iRule uses data groups and should allow you some more flexibility going forward, if you wish to add more domains.  This will require you to create two data groups (string type is fine) in order for this to work:
dotuk_group (include gcsx.gov.uk and gsi.gov.uk domains)
nhs_group (include nhs.uk domain)
This iRule should work for you:
when DNS_REQUEST {
    DNS::question name [string tolower [DNS::question name]]
    if { [class match [DNS::question name] eq dotuk_group] } {
            DNS::disable all
            pool pool1
    }
    elseif { [class match [DNS::question name] eq nhs_group] } {
            DNS::disable all
            pool pool2
    }
    else {
            DNS::disable all
            pool default_pool
    }
}

paul_dcc · Answer

Thanks for the IRule, just one question what does DNS::disable all do ?&nbsp;

paul_dcc · Answer

Hi Cosby,&nbsp;
I can't get the wildcard to match, I'm running Ver 11.5 and the only way I can get any match within the Data Group is to have the exact same thing; mail.gcsx.gov.uk (have that in the Data Group would get a match) but having *.gcsx.gov.uk would not match mail.gcsx.gov.uk ??? I can't see what I'm doing wrong.&nbsp;
Hope you can help.................&nbsp;

cory_50405 · Answer

DNS::disable all just prevents any further processing of DNS (GTM, ZoneRunner), since you're forwarding the query somewhere else for resolution.
Instead of an exact match, the iRule can be modified to match for "ends with".  Like this:
when DNS_REQUEST {
    DNS::question name [string tolower [DNS::question name]]
    if { [class match [DNS::question name] ends_with dotuk_group] } {
            DNS::disable all
            pool pool1
    }
    elseif { [class match [DNS::question name] ends_with nhs_group] } {
            DNS::disable all
            pool pool2
    }
    else {
            DNS::disable all
            pool default_pool
    }
}

So there's no need for you to put the wildcard FQDN in your dotuk_group.  Just put it in as gcsx.gov.uk and the ends_with will match anything of that domain or any sub domains.

paul_dcc · Answer

Cheers Cory it work's great now,&nbsp;
Many Thanks&nbsp;

Forum Discussion

GTM DNS REQUEST

7 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Logging DNS Requests

Using Client Subnet in DNS Requests

Logging of DNS Requests and Responses without a DNS license

Implementing Client Subnet DNS Requests

F5 DNS/GTM External Monitor(EAV) with SNI support and response code check

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS