Newbie to rules
Sam_Takach_8752 (Nimbostratus)
May 19, 2005
If anyone can help, I would greatly appreciate it.
I am trying to use the Big IP to direct DNS requests for our internal sites to go to one pool of servers & DNS requests for external sites to go to another DNS server.
I can't find any examples in the manual for UDP_Content rules, so I am assuming that the TCP_content syntax is similar.
When I have this rule referenced to the virtual server I am sending my requests to, it appears that all requests are being sent to the External_DNS pool. Is my syntax wrong in the rule?
Here is my rule (using web interface to write it) :-
if (udp_content contains "departmentX.domain.au" or udp_content contains "departmentY.domain.au") {
   use pool Internal_DNS
}
else {
   use pool External_DNS
}
2 Replies
- Scott_Tennican_Historic F5 Account
This is probably because you are testing from a single client and BIG-IP is load balancing once on your first request and creating a single connection over which it passes all subsequent requests.
To fix this problem, add:
class udp_packet_lb_ports {
53
}
to your bigip.conf.
This forces BIG-IP to load balance on every packet to port 53 which will execute your rule and create a new connection for every request.
- Scott_Tennican_Historic F5 Account
On second thought, you have another problem.
You are trying to match the QNAME within a DNS request packet.
But, you are not using the format as defined in rfc1035 4.1.2.
QNAME
a domain name represented as a sequence of labels, where
each label consists of a length octet followed by that
number of octets. The domain name terminates with the
zero length octet for the null label of the root. Note
that this field may be an odd number of octets; no
padding is used.
You could avoid this problem by matching the labels within a domain name separately.
Or you could use the correct format like the below:
NOTE: 0x0b is the length of "departmentX"
0x06 is the length of "domain"
0x02 is the length of "au"
rule dnsrule {
   if (udp_content contains <0x0b,0x64,0x65,0x70,0x61,0x72,0x74,0x6d,0x65,0x6e,0x74,0x58,0x06,0x64,0x6f,0x6d,0x61,0x69,0x6e,0x02,0x61,0x75>) {
      use pool Internal_DNS
   }
   else {
      use pool External_DNS
   }
}
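The label encoding described in the reply above, as an added Python example that is not part of the original thread: it builds the RFC 1035 QNAME bytes for a name, prints them in the `<0x..,...>` form used in the rule, and checks them against a constructed DNS query to show why the dotted string never matches. The function names, transaction ID and sample query are assumptions made for illustration.

```python
import struct


def encode_qname(name: str, terminate: bool = True) -> bytes:
    """Encode a dotted name as RFC 1035 4.1.2 labels (length octet + octets)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length out of range: {label!r}")
        out.append(len(raw))  # length octet replaces the dot
        out += raw
    if terminate:
        out.append(0)  # zero-length label of the root ends the name
    return bytes(out)


def rule_literal(name: str) -> str:
    """Format the labels as the hex byte list shown in the rule above."""
    data = encode_qname(name, terminate=False)
    return "<" + ",".join(f"0x{b:02x}" for b in data) + ">"


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed sample: a minimal DNS query (header + one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    return header + question


if __name__ == "__main__":
    name = "departmentX.domain.au"
    packet = build_query(name)
    print(rule_literal(name))
    # The dotted text is not on the wire; the label-encoded form is.
    print("dotted string in packet: ", name.encode() in packet)
    print("label bytes in packet:   ", encode_qname(name, terminate=False) in packet)
```

Byte matching is case-sensitive although DNS names are not, and a pattern without the terminating 0x00 also matches longer names that merely contain these labels.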
