Forum Discussion
spalande
Nacreous
NacreousNeed help for iRule
Need help on iRule for mapping private IP hosted on GTM (A record) to public IP (owned by customer DMZ).
eg. 192.168.4.242 is the private IP hosted on GTM, while sending DNS response need to map...
StephanMantheyNacreous
NacreousNo worries. Here is a updated version allowing to filter for non-A record queries and to enable / disable logging globally.
I also used a global static variable to set a fallback in case there is no datagroup match:when RULE_INIT {
set static::debug 1
$fallback_A will be used to replace in case of no data-group match
set static::fallback_A 10.141.141.10
}
when DNS_REQUEST {
if {[DNS::question type] ne "A"} {
if { $static::debug != 0 } {
log local0. "incoming query for [DNS::question name] is of type [DNS::question type]"
}
}
}
when DNS_RESPONSE {
foreach item [DNS::answer] {
if {[DNS::type $item] eq "A"} {
if { $static::debug != 0 } {
log local0. "internal ([DNS::type $item] [DNS::rdata $item])"
}
if { [class match -value [DNS::rdata $item] equals dg_internal_external] eq "" } {
if { $static::debug != 0 } {
log local0. "no match for internal A record [DNS::rdata $item]"
}
DNS::rdata $item $static::fallback_A
} else {
if { $static::debug != 0 } {
log local0. "replace with [class match -value [DNS::rdata $item] equals dg_internal_external]"
}
DNS::rdata $item [class match -value [DNS::rdata $item] equals dg_internal_external]
}
} else {
if { $static::debug != 0 } {
log local0. "internal ([DNS::type $item], RR data: [DNS::rdata $item])"
}
}
}
}
Log output looks as expected:
: internal (A 10.131.131.125)
: replace with 10.141.141.125
: internal (A 10.131.131.127)
: no match for internal A record 10.131.131.127
: incoming query for test.lb-net.bit is of type AAAA
: incoming query for test.lb-net.bit is of type AAAA
: internal (CNAME, RR data: fallback.lb-net.bit)
