For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sam_Takach_8752's avatar
Sam_Takach_8752
Icon for Nimbostratus rankNimbostratus
May 19, 2005

Newbie to rules

If anyone can help, I would greatly appreciate it.   I am trying to use the Big IP to direct DNS requests for our internal sites to go one pool of servers & DNS requests for external sites to go...
application delivery
dev
devops
iRules
v4
Scott_Tennican_'s avatar
Scott_Tennican_
Historic F5 Account
May 25, 2005
On second thought, you have another problem.

You are trying to match the QNAME within a DNS request packet.

But, you are not using the format as defined in rfc1035 4.1.2.

QNAME

a domain name represented as a sequence of labels, where

each label consists of a length octet followed by that

number of octets. The domain name terminates with the

zero length octet for the null label of the root. Note

that this field may be an odd number of octets; no

padding is used.

You could avoid this problem by matching the labels within a domain name separately.

Or you could use the correct format like the below:

NOTE: 0x0b is the length of "departmentX"

0x06 is the length of "domain"

0x02 is the length of "au" 

 
 rule dnsrule { 
    if (udp_content contains <0x0b,0x64,0x65,0x70,0x61,0x72,0x74,0x6d,0x65,0x6e,0x74,0x58,0x06,0x64,0x6f,0x6d,0x61,0x69,0x6e,0x02,0x61,0x75> { 
       use pool Internal_DNS 
    } 
    else { 
       use pool External_DNS 
    } 
 }