For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Deepti_Nayak_26's avatar
Deepti_Nayak_26
Icon for Nimbostratus rankNimbostratus
Jun 06, 2017

Irule for reverse DNS lookup

Hello , Currently we have applied Irule for DNS lookup & allowing DNS entries that only ends with a a particular fqdn for e.g when DNS_REQUEST { set fqdn [DNS::question name] ...
BIG-IP DNS
iRules
security
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Jun 06, 2017

Hi,

 

Not sure if I understand correctly - do you need to resolve IP to FQDN instead of FQDN to IP?

 

If so you need to check DNS query type like [DNS::question type] equals "PTR" and then execute necessary code - I guess you will need check then DNS_RESPONSE event to check if response from DNS server contains domain ending with given domain.

 

Something like that:

 

when DNS_RESPONSE {
    if { [DNS::question type] eq "PTR" } {       
        set rrs [DNS::answer]
        foreach rr $rrs {
            if { [DNS::rdata $rr] ends_with "your.domain" } {
                log local0. "----[DNS::rdata $rr] Dropped-----"
                drop seems not be working for response
                drop
                DNS::answer clear
                DNS::answer insert "@ 5 [DNS::question class] TXT Blocked"
                return
            }
        }
    }
}

Piotr