Forum Discussion

RoutingLoop_179's avatar
RoutingLoop_179
Icon for Cirrus rankCirrus
Jan 29, 2013

my DNS irule - how can i optimise it further or is there a better way?

Hi - i've created an irule losely based on DNS blackhole irules i've seend to rewrite DNS responses.     But my rule basically has to check a client source address against a list of subnets i...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 11, 2013
Hi RL,

 

 

Here are a few thoughts on this:

 

 

- Combine the data group entries so you're reducing the number of class searches. Instead of having separate data groups for site1_address_datagroup, site2_address_datagroup, etc, you could combine them into one siteX_address_datagroup. If you need to differentiate between different addresses per site, you could set a value per address key showing which site an address is for:

 

 

1.1.1.1 := site1

 

2.1.1.1 := site2

 

3.1.1.1 := site3

 

 

When you check if the FQDN is in the whitelist, save the return value so you can avoid a second lookup:

 

 

current:

 

if { [class match $fqdn equals site1_whitelist] } {

 

 

suggested:

 

if { [set FakeIPv4 [class match -value -- $fqdn equals site1_whitelist]] ne ""} {

 

 

Aaron