Forum Discussion
headgear_30397
Nimbostratus
Nimbostratusirule for LTM: provide "no error" or reject for AAAA DNS queries
Hi All,Thanks
I found the irule below to provide "no error" response for AAAA DNS queries but it seems this is for GTM only. Anyone knows what is the irule for LTM? My DNS servers are load balanced by F5 LTM.
When I tried to configure the irule on our BIG-IP, I got this error:
“011c0003:3: Rule checker ::tclCheck::checkScript did not complete (save_profile_dep: invalid profile type).”
Below is the irule:
when DNS_REQUEST {
if { [DNS::rrtype] equals "AAAA" } {
noerror
}
}
hoolioCirrostratus
Hi,
You must have a GTM license to use the DNS_ events or DNS:: commands. With LTM, you'd need to do binary parsing of the requests. Nat added an example iRule to the Codeshare which decodes and logs details on DNS requests and responses. Maybe you could adapt that for your scenario?
http://devcentral.f5.com/wiki/default.aspx/iRules/CodeShare.htmlDNS
http://devcentral.f5.com/wiki/default.aspx/iRules/dns_decoding
Aaron- Chris_Miller
Altostratus
Bummer...I know LinkController allows you to check a box for no IPv6 responses but that's not for load balancing DNS, it's for actually responding to them.
It looks like Hoolio's options will work for you. You'll need to drill into the UDP payload to recognize the IPV6 lookup and react accordingly. Not sure you'll be able to send "noerror" though. 
netgeek_109058Hello headgear
u can try something like this:
when DNS_REQUEST {
if { [DNS::type rrs] equals "AAAA" } {
DNS::drop
DNS::last_act noerror
}
}
Best regards
