
Forum Discussion

Sergi0
Apr 02, 2018

GTM iRule CNAME filter

I would like to create a filter on my GTM to remove the CNAME and reply with the default answer, as if the GTM's BIND did not have a CNAME.

I want to block responding with the CNAME. I have:

 dig cname www.wip.company.com  @10.10.10.9

; <<>> DiG 9.9.10-P3 <<>> cname www.wip.company.com @10.10.10.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58987
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wip.company.com.          IN      CNAME

;; ANSWER SECTION:
www.wip.company.com.   0       IN      CNAME   www.company.com.

;; AUTHORITY SECTION:
company.com.            0       IN      NS      GTM1.company.com.

4 Replies

  • JG

    Will you please rephrase your question? It is not clear what problem you are trying to resolve.


  • Sergi0

    I would like to block GTM from any response except WIP type A. I tried to disable BIND in the DNS profile, but it gives a timeout for clients, which is not good. I have created an iRule for the listener, so clients get a blank response from GTM: no AAAA, CNAME or ANY in the response.

    when DNS_REQUEST {
        # Only type A questions go on to normal WIP resolution; every other
        # type (AAAA, CNAME, ANY, ...) is answered immediately with no records.
        if { !([DNS::question type] eq "A") } {
            DNS::answer clear
            DNS::return
        }
    }
    
  • JG

    I'd try and find out why clients are sending this CNAME query to this server in the first place, which seems to suggest a DNS configuration error, and solve that problem. But specific to blocking the query type, here's one you could use:

    when DNS_REQUEST {
        if { !([string toupper [DNS::question type]] eq "A") }  {
            DNS::last_act reject
            DNS::return
        }
    }
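The two iRules in this thread differ in what the client actually receives for a blocked question type: Sergi0's `DNS::answer clear` + `DNS::return` hands back an authoritative NOERROR response with an empty answer section, while JG's `DNS::last_act reject` refuses the query. The script below is an added example, not code from the thread or from F5. It models both behaviours at the DNS wire level with constructed packets so the difference can be inspected offline: it builds the same kind of query that `dig cname www.wip.company.com` sends, applies the "only A passes" policy, and returns the packet a client would see. The mapping of the two iRule paths to rcode NOERROR and rcode REFUSED is an assumption about BIG-IP behaviour to be confirmed with `dig` against the real listener; the function names (`build_query`, `filter_request`, `parse_header`) and the `allowed` parameter are the example's own, not iRule commands.

```python
"""Wire-level model of the two posted DNS_REQUEST iRules.

Constructed example: builds a raw DNS query for the question types seen in
the thread, applies the "only type A passes" policy, and returns the packet
a client would receive. Not F5 code; the mapping of iRule commands to DNS
rcodes (empty NOERROR vs. REFUSED) is an assumption stated in the lead-in.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "AAAA": 28, "ANY": 255}
RCODE_NOERROR = 0
RCODE_REFUSED = 5

# Header flag bits (RFC 1035 section 4.1.1).
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype, txid=0x1234):
    """Build a plain UDP query (RD set, no EDNS) like `dig <qtype> <qname>`."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_header(pkt):
    """Decode the 12-byte header into the fields dig prints as flags/counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "aa": bool(flags & FLAG_AA),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def parse_question(pkt):
    """Return (qname, qtype, qclass, raw question bytes) of the first question."""
    off, labels = 12, []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return ".".join(labels) + ".", qtype, qclass, pkt[12:off + 4]


def build_reply(query, rcode):
    """Authoritative reply that echoes the question and carries no records."""
    hdr = parse_header(query)
    _, _, _, question = parse_question(query)
    flags = FLAG_QR | FLAG_AA | (FLAG_RD if hdr["rd"] else 0) | rcode
    return struct.pack("!HHHHHH", hdr["id"], flags, 1, 0, 0, 0) + question


def filter_request(query, allowed=("A",), action="empty"):
    """Apply the thread's policy to one query.

    allowed: question types handed on to normal WIP resolution (both posts
             allow only A; SOA/NS for the zone are blocked too unless added).
    action:  "empty"  -> NOERROR with zero answers (DNS::answer clear + DNS::return)
             "reject" -> REFUSED (assumed effect of DNS::last_act reject)
    Returns ("forward", None) or ("respond", reply_bytes).
    """
    _, qtype, _, _ = parse_question(query)
    if qtype in {QTYPE[t] for t in allowed}:
        return "forward", None
    rcode = RCODE_NOERROR if action == "empty" else RCODE_REFUSED
    return "respond", build_reply(query, rcode)


if __name__ == "__main__":
    # Constructed queries mirroring the dig call in the first post (id 58987).
    for qtype in ("A", "CNAME", "AAAA", "ANY"):
        q = build_query("www.wip.company.com", qtype, txid=58987)
        for action in ("empty", "reject"):
            decision, reply = filter_request(q, action=action)
            summary = parse_header(reply) if reply else None
            print(f"{qtype:5} {action:6} -> {decision:7} {summary}")
```

Running it shows that with the default policy a CNAME, AAAA or ANY question comes back as an authoritative response with the original ID, `qr aa rd` flags and no records (or as REFUSED with the reject variant), while an A question is passed on untouched. The same loop makes the practitioner's check visible: because the posted rules allow only type A, SOA and NS questions for the zone itself are blocked as well, so test those with `dig` after deploying either iRule and extend the allowed set if the zone needs to remain resolvable.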
    
