Forum Discussion

sidthetaff's avatar
sidthetaff
Icon for Nimbostratus rankNimbostratus
Sep 27, 2019

Provide custom resolution based on Source and URL

Hi,

Struggling to find literature to help with this, I'm running BIG-IP DNS ver 14.1 and have a requirement to produce an iRule that follows the following logic

When DNS Request

class match source IP (IP_Data_Group) and class match requsted URL (URL_Data_Group)

Respond with RPX_Pool

else continue

So when a DNS request is received from a specific IP subset (IP_Data_Group) and is requesting a specific group of URLs (URL_Data_Group) return a response of an RPX pool. Anything else (different source IP or different URL request) will continue as normal

So the question is,

What is the best way to go about creating the URL data group?

and

Can someone please help out with the syntax please? I've got the following so far

when DNS_REQUEST {
if {[class match [IP::client_addr] equals IP_Data_Group] and [class match [DNS::Question] contain URL_Data_Group } 
pool RPX_POOL 
else {DNS::return }
}

Thanks

Steve

BIG-IP DNS
cloud
devops
iRules
  • James_Thomson's avatar
    James_Thomson
    Icon for Employee rankEmployee
    Oct 02, 2019

    I'm assuming when you say URL, you actually mean the domain name.

    When you reference classes, those are BIG-IP Datagroups, so in the LTM section, go to iRules and then datagroups. Add one of type address for IP_Data_Group and one of type string for the FQDN's you want to match against.

     

    Then I think the rest would be something like this

     

    when DNS_REQUEST {

      log local0. "client ip is [IP::client_addr] and domain name requested is [DNS::question name]"

      if {[class match [IP::client_addr] equals IP_Data_Group] and [class match [DNS::question name] equals FQDN_Group] } {

        log local0. "matched, going to pool1"

        pool pool1 

        }

        else { 

          log local0. "no match, going to default pool2"

          return

          }

    }

  • sidthetaff's avatar
    sidthetaff
    Icon for Nimbostratus rankNimbostratus
    Oct 03, 2019

    Hi James,

    Thanks for your answer, this is on a BIG-IP DNS, so by URL i mean wide IP, there's no LTM functionality on this appliance.

    The GTM has multiple listeners that cater to different user bases, this iRule will be sitting on one of those listeners to provide this specific functionality.

    The filter portion

    when DNS_REQUEST {
if {[class match [IP::client_addr] equals IP_Data_Group] and [class match [DNS::Question] contain URL_Data_Group }

    works ok, If i put a log after it i get appropriate log messages, however i have tried various connotations to manipulate the dns response including

    DNS::answer insert "pool RPX_pool"
}
{ 
    DNS::return

    and

    DNS::answer insert "[DNS::question name]. 111 [DNS::question class] [DNS::question type] 192.168.1.10"
    DNS::answer insert "[DNS::question name]. 111 [DNS::question class] [DNS::question type] 192.168.1.11"
 
    DNS::return
}

    However neither of these solutions seem to send a response to the client as an NSLookup on the client returns no IP address under the answer

    Cheers