Forum Discussion
xuwen
Cumulonimbus
CumulonimbusiRules code share,only use tcp protocol profile to log tcp dns request and A or AAAA dns answers ip
if you not have GTM/DNS license, VS in Standard mode, only use tcp protocol profile to log tcp dns request, and if query type is A or AAAA, it will also log A or AAAA dns answers ip proc decode_dns...
Nice addition, xuwen, thanks for sharing!
For those that find this, it's a fantastic example of how to use binary commands to decode the protocol, but I wouldn't recommend logging dns traffic to local0. unless it's for a very brief point in time for troubleshooting purposes, and even then, if your system has heavy dns traffic, it's likely to significantly reduce throughput. A better option for logging from iRules would be to use HSL and send the logs off-box for analysis.
JRahm
Admin
AdminNice addition, xuwen, thanks for sharing!
For those that find this, it's a fantastic example of how to use binary commands to decode the protocol, but I wouldn't recommend logging dns traffic to local0. unless it's for a very brief point in time for troubleshooting purposes, and even then, if your system has heavy dns traffic, it's likely to significantly reduce throughput. A better option for logging from iRules would be to use HSL and send the logs off-box for analysis.