Forum Discussion

IS_38885
Jan 20, 2009

Problems getting a simple name resolution "example" iRule to work

Hi,

I am trying to implement name resolution inside an iRule and I cannot get the simple example I found in the knowledge base to work.

The example is the following:

when HTTP_REQUEST {
    # Hold HTTP data until IP address is resolved
    HTTP::collect

    # Start a name resolution on the hostname
    NAME::lookup gmail.com
}

when NAME_RESOLVED {
    log local0. "IP address list for remotehost.domain.com = >[NAME::response]<"
    log local0. "First listed address is >[lindex [NAME::response] 0]<"
    log local0. "Second listed address is >[lindex [NAME::response] 1]<"

    # Release HTTP data once hostname is resolved
    HTTP::release
}

I can see in the LTM logs that the response NAME::response is an empty string. The DNS servers seem to be properly configured as I am able to perform nslookup from the SSH console.

I am using 9.4.6
  • The version number you are using looks good and from what I can tell, the code looks good too. I did check out the Wiki article on NAME::lookup and noticed this line and I thought I would point it out: "Not all names have corresponding PTR records. Reverse resolutions are easily spoofed and not guaranteed to be correct."

    You might check out classless delegation and/or dangling CNAME pointers on Google and see if any of that information applies to your network setup. The results that you are seeing could very well stem from the way your particular DNS/Network setup is configured. Not that it is configured incorrectly, it may just not be able to follow the CNAME to grab the PTR record.... I think the method being used is referred to as a non-recursive query though I must admit my networking skills are a bit rusty at the moment.
  • It works now.

    It looks like when doing a name resolution inside an iRule, it uses the local named daemon (following the default configuration of the tmm_base.tcl).

    The problem is that the named daemon is configured to deny any recursive requests. I edited the named.conf to enable it and after restarting the service the iRule worked.

    What puzzled me in the first place is the fact that nslookup was working from the console. Now I understand that the iRule uses by default the local named instead of the configured name servers (/etc/resolv.conf).
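
A way to confirm the cause described in the last reply, as an added example that is not part of the thread: it builds a DNS query with recursion desired and classifies the reply header, so a server that refuses to recurse is told apart from one that resolved the name. The function names and the sample headers are constructed for illustration; querying 127.0.0.1 assumes the iRule's lookups go to the local named, as the poster found.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify(response):
    """Return (rcode, recursion_available, answer_count, verdict) from the header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    ra = bool(flags & 0x0080)  # RA: server is willing to recurse
    if ancount:
        verdict = "resolved"
    elif rcode == "REFUSED" or not ra:
        # REFUSED, or a bare referral with RA clear: the server will not recurse
        verdict = "recursion denied by this server"
    else:
        verdict = "recursive server returned no addresses"
    return rcode, ra, ancount, verdict

def ask(server, name, timeout=2.0):
    """Send one UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        return classify(sock.recvfrom(512)[0])

# Constructed 12-byte response headers (not captured traffic).
SAMPLES = {
    "refused": bytes.fromhex("123481050001000000000000"),
    "referral": bytes.fromhex("1234810000010000000d0000"),
    "resolved": bytes.fromhex("123481800001000200000000"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
    # On a live system: print(ask("127.0.0.1", "gmail.com"))
```

Pointing `ask` at 127.0.0.1 and then at a server from /etc/resolv.conf shows the difference the poster ran into. If recursion is then enabled in named.conf, limiting it to the loopback address with BIND's `allow-recursion` option keeps the device from acting as an open resolver.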