how to send NXDOMAIN with BigIP DNS

Question

Hi friends,&nbsp;I have a question. A customer would like to manipulate some DNS responses using F5 DNS having the following use cases:Change the DNS Response IP (to a public IP)Change the DNS Response to NXDOMAIN (for IP addresses which should not be published)&nbsp;I thought about the following iRule to create the 1st use case:when DNS_REQUEST {&nbsp;&nbsp;&nbsp;&nbsp;if { [DNS::question name] equals "fqdn.of.customer" }{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DNS::answer insert "[DNS::question name]. 3600 [DNS::question class] [DNS::question type] 1.2.3.4"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DNS::return&nbsp;&nbsp;&nbsp;&nbsp;}}&nbsp;Any idea what I have to use to return a NXDOMAIN?DNS::answer insert "???"&nbsp;Do you see a simpler approach? (mid Term we will implement different DNS views).&nbsp;Thanks,Rolf

rolf · Answer

After searching a while i found the correct iRule statements:&nbsp;        DNS::answer clear        DNS::header rcode NXDOMAIN        DNS::return&nbsp;&nbsp;

Forum Discussion

how to send NXDOMAIN with BigIP DNS

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two

Re: BigIP Report

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough

BigIP Report Old

BIGIP unable to send tcp/udp packets to syslog servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS