Forum Discussion

Nimbostratus

Oct 19, 2011

irule for logging DNS queries to the load balancer?

Hi all, Before I get into what seems like an easy question and obvious answer, first a bit of background! We are about to refresh our current production load balancers (running...

Nimbostratus

Oct 19, 2011

Hi James,

The GTM / 3-DNS / Zonerunner is just a modified version of BIND. I'm running 10.2.x on my GTM and you can verify by running "named -v"

named -v

BIND 9.6.1-P3

So rather than adding an iRule to log all of the entries that are queried, you could modify your named.conf (/var/named/config/named.conf) to add logging.

Something like this:

logging {

channel logfile {

syslog daemon;

severity error;

print-category yes;

print-severity yes;

print-time yes;

};

channel query_log {

file "/var/log/query.log" versions 7 size 250m ;

severity dynamic;

print-time yes;

print-category yes;

print-severity yes;

};

NOTE: I would highly recommend bouncing this concept off of F5 Support, but this should work.

Hope this helps.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

irule for logging DNS queries to the load balancer?

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

F5 logs - search query

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Load Balancing TCP TLS Encrypted Syslog Messages

Transparent load balancing in Azure, Part 2

Coordinated Vulnerability Disclosure: A Balanced Approach

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS