How to block DNS request according to one special domain list ?

Do you want to block DNS queries from clients through an LTM virtual server? Or is this for HTTP or HTTPS? If HTTP or HTTPS, are you looking for LTM to act as an HTTP proxy?

 

 

You can perform DNS resolution from an iRule using RESOLV::lookup

 

http://devcentral.f5.com/wiki/iRules.resolv__lookup.ashx

 

 

You can add the patterns to a datagroup but then you'd need to loop through each element one by one to perform a string match of the pattern against the requested hostname. This will be more resource intensive than matchclass.

 

 

You can use 'string match -nocase $pattern $string' to do this:

 

 

% string match -nocase *.tudou.com.cn test.tudou.com.cn

 

1

 

 

% string match -nocase *.cn test.example.com.cn

 

1

 

 

% string match -nocase *.cn test.example.com

 

0

 

 

Aaron