Forum Discussion
Irule Dns to handle nslookup dns from client
Hi all,
I have an iRule that handles DNS requests from clients. When a client looks up a name with a subdomain that matches the subdomain list in the white_list datagroup, this iRule responds to the client with an "A" record. This iRule also monitors the link status of the internet lines terminated on the F5. In the case where all 3 internet lines are up, we want this iRule to respond to the client with "A" records, load-balanced round robin, to share the performance of the 3 lines.
Please see the iRule and help me.
when DNS_REQUEST {
    set Whitelist_Match 0
    if { [class match $fqdn equals whitelist] } {
        # does FQDN exist in our whitelist string:value datagroup for that site.
        if { [LB::status node 183.91.x.y] eq "up" } {
            # Client made a DNS request for a Whitelist site.
            set Whitelist_Match 1
            set FakeIPv4_cmc [class match -value $fqdn equals whitelist]
            DNS::return
        }
        if { [LB::status node 222.255.x.y] eq "up" } {
            set Whitelist_Match 1
            set FakeIPv4_vnpt [class match -value $fqdn equals vnpt_whitelist]
            DNS::return
        }
        if { [LB::status node 118.69.x.y] eq "up" } {
            set Whitelist_Match 1
            set FakeIPv4_fpt [class match -value $fqdn equals fpt_whitelist]
            DNS::return
        }
    }
}
when DNS_RESPONSE {
    if { $Whitelist_Match } {
        switch [DNS::question type] {
            "A" {
                DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $FakeIPv4_cmc"
                DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $FakeIPv4_vnpt"
                DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $FakeIPv4_fpt"
            }
            default {
            }
        }
    }
}
many thanks
2 Replies
- VernonWells
Employee
For something of this complexity, you may be well-served to engage F5 Professional Services. I will also say that the DNS Services module can handle this sort of case more natively.
Having said all of that, I assume the above rule works, but it is only returning a single A record. Is that the case? I also understand from your description that, if all three uplink checks (the LB::status node calls, that is) succeed, you want to return all three A records (essentially, all three class match -value $fqdn calls). What do you want to happen if two of the links are up? Return two A records? I will assume that is what you want.
I've not tested the following code, but assuming the code above works, this should get you close to the right answer:
when DNS_REQUEST {
    set return_a_records [list]
    if { [class match $fqdn equals whitelist] } {
        # does FQDN exist in our whitelist string:value datagroup for that site.
        if { [LB::status node 183.91.1.1] eq "up" } {
            # client made a DNS request for a Whitelist site.
            lappend return_a_records [class match -value $fqdn equals whitelist]
        }
        if { [LB::status node 222.255.1.1] eq "up" } {
            lappend return_a_records [class match -value $fqdn equals vnpt_whitelist]
        }
        if { [LB::status node 118.69.1.1] eq "up" } {
            lappend return_a_records [class match -value $fqdn equals fpt_whitelist]
        }
    }
}
when DNS_RESPONSE {
    # Whitelist_Match is no longer set in DNS_REQUEST above, so test the list itself:
    # it is non-empty only when the FQDN matched and at least one link is up.
    if { [llength $return_a_records] } {
        switch [DNS::question type] {
            "A" {
                foreach ip $return_a_records {
                    DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $ip"
                }
            }
        }
    }
}
- DanaStone
Nimbostratus
I assume the above rule works, but it is only returning a single A record. Is that the case? I also understand from your description that, if all three uplink checks succeed, you want to return all three A records. What do you want to happen if two of the links are up?
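Added example, not code from any poster in the thread: one way to return an A record per live uplink and rotate which record comes first, keeping the thread's DNS_REQUEST / DNS_RESPONSE split. Assumptions: the node addresses are RFC 5737 placeholders for the elided ones, the data-group names are those quoted above with lower-case keys, and the subtable name `dns_rr` and the 30-second TTL are hypothetical.

```tcl
# Added example, not from the thread. Placeholder node addresses (RFC 5737)
# stand in for the elided 183.91.x.y / 222.255.x.y / 118.69.x.y; the
# subtable name "dns_rr" and the TTL value are assumptions.
when RULE_INIT {
    set static::whitelist_ttl 30
    # uplink node -> data group holding that ISP's address for each FQDN
    set static::uplinks {
        192.0.2.1    whitelist
        198.51.100.1 vnpt_whitelist
        203.0.113.1  fpt_whitelist
    }
}
when DNS_REQUEST {
    set return_a_records [list]
    if { [DNS::question type] ne "A" } { return }

    # Resolvers may randomise query-name case, so match in lower case
    # (data-group keys are assumed to be stored in lower case).
    set fqdn [string tolower [DNS::question name]]
    if { ![class match $fqdn equals whitelist] } { return }

    # One A record per uplink that is currently up.
    foreach { node dg } $static::uplinks {
        if { [LB::status node $node] eq "up" } {
            set ip [class match -value $fqdn equals $dg]
            if { $ip ne "" } { lappend return_a_records $ip }
        }
    }
    set n [llength $return_a_records]
    if { $n == 0 } { return }

    # Round robin: a per-name counter picks which record goes first.
    # The table is only written after the whitelist match, so arbitrary
    # query names cannot grow it.
    set start [expr { [table incr -subtable dns_rr $fqdn] % $n }]
    set return_a_records [concat \
        [lrange $return_a_records $start end] \
        [lrange $return_a_records 0 [expr { $start - 1 }]]]

    # Answer from the iRule instead of forwarding the query.
    DNS::return
}
when DNS_RESPONSE {
    if { [llength $return_a_records] == 0 } { return }
    foreach ip $return_a_records {
        DNS::answer insert "[DNS::question name]. $static::whitelist_ttl [DNS::question class] [DNS::question type] $ip"
    }
}
```

With two links up, the answer carries two A records and the rotation alternates between them; with none up, the iRule adds nothing and the query is handled as it would be without the rule.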