how to send NXDOMAIN with BigIP DNS

Question

Hi friends,&nbsp;I have a question. A customer would like to manipulate some DNS responses using F5 DNS having the following use cases:Change the DNS Response IP (to a public IP)Change the DNS Response to NXDOMAIN (for IP addresses which should not be published)&nbsp;I thought about the following iRule to create the 1st use case:when DNS_REQUEST {&nbsp;&nbsp;&nbsp;&nbsp;if { [DNS::question name] equals "fqdn.of.customer" }{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DNS::answer insert "[DNS::question name]. 3600 [DNS::question class] [DNS::question type] 1.2.3.4"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DNS::return&nbsp;&nbsp;&nbsp;&nbsp;}}&nbsp;Any idea what I have to use to return a NXDOMAIN?DNS::answer insert "???"&nbsp;Do you see a simpler approach? (mid Term we will implement different DNS views).&nbsp;Thanks,Rolf

rolf · Answer

After searching a while i found the correct iRule statements:&nbsp;        DNS::answer clear        DNS::header rcode NXDOMAIN        DNS::return&nbsp;&nbsp;

Forum Discussion

how to send NXDOMAIN with BigIP DNS

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Can't change sync type or failover after tenant upgrade.

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 asm/awaf

APM VPN LDAP POOL can't contact ldap server.

Related Content

Re: BigIP Report

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough

BigIP Report Old

BIGIP unable to send tcp/udp packets to syslog servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS