Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

philfagan's avatar
philfagan
Icon for Nimbostratus rankNimbostratus
Nov 03, 2020

iRule DNS response code

I have several DNS nodes that I am sending traffic to.   I would like to write a rule that selects either a new pool or node if in the event one of my servers responds with a serv fail rcode in ...
cloud
devops
irules
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Nov 09, 2020

Hi Phil,

I assume that you want to send the CURRENT request to the other node ie not subsequent requests ( as that is simple, just do an LB::reselect )

On the basis that you can do anything on the BIG-IP, yes it is possible. How it is possible is a bit more complex. 😀

Essentially, to do this you have to store the request data for all DNS requests and in the case of failure then you send them to a different node. The first point is that this means you will be storing a lot of extra data which will cause higher memory utilisation and is probably not a good idea - do not store client data on intermediate devices.

If you still want to do it, you can grab the payload and store it, if you get a serv fail then send the payload via sideband to the other node and respond to the client with the response ( i'll leave you to ponder what to do if you receive a second serv fail ).

If you want to do this in a nice, systemic and scalable way you can use the Message Routing Framework (MRF) function but that needs a bit more thought on your part.

Pseudocode:

when DNS_REQUEST {
  UDP::collect
}
when CLIENT_DATA {
  set payload [UDP::payload]
}
when DNS_RESPONSE {
  if response == servfail
    set sb [connect -proto UDP <destination>]
    send $sb $payload
    recv $sb response
    UDP::respond $response
  }
}