irule to redirect DNS traffic

Question

We are trying to create an iRule to catch any wayward DNS traffic.  We created a default VS for all port 53 traffic, but now we need a specific iRule so that we can forward these DNS request to the NameServer that isn't on the same network. 
&nbsp;  
&nbsp; For the life of me I can't seem to find something on here that will do that.  I'm looking for something like: 
&nbsp;  
&nbsp; when CLIENT_ACCEPTED { 
&nbsp;   if { [IP::addr [IP::client_addr] equals "0.0.0.0/0"] 
&nbsp; } { 
&nbsp; node "192.168.1.1" 
&nbsp; } 
&nbsp; } 
&nbsp;  
&nbsp; Any help would be greatly appreciated.

the_bhattman · Answer

If it's on a seperate network you might need to apply SNAT Automap into your irule 
  
 I.E.

when CLIENT_ACCEPTED { 
    if { [IP::addr[IP::client_addr] eq "0.0.0.0/0"] } { 
       snat automap 
       node 192.168.1.1 
       } 
 }

I hope this helps 
  
 CB

hoolio · Answer

Another option would be to enable SNAT automap on the VIP and create a pool with 192.168.1.1 in it and remove the iRule. 
&nbsp;  
&nbsp; Aaron

l4l7_53191 · Answer

You may also consider a service specific 0.0.0.0:53 VIP with this iRule applied to it. That way you'll be able to treat this traffic uniquely from a profile/protocol/iRule perspective. 
&nbsp;  
&nbsp; -Matt

Forum Discussion

irule to redirect DNS traffic

Recent Discussions

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

Related Content

irule uri traffic redirection failing

Traffic Policy vs iRule Pool Redirect

iRule redirection

Verifying Local Traffic Policy and iRule Precedence

iRule to log traffic details

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS