Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

sidthetaff's avatar
sidthetaff
Icon for Nimbostratus rankNimbostratus
Sep 27, 2019

Provide custom resolution based on Source and URL

Hi, Struggling to find literature to help with this, I'm running BIG-IP DNS ver 14.1 and have a requirement to produce an iRule that follows the following logic When DNS Request class match sou...
BIG-IP DNS
cloud
devops
irules
sidthetaff's avatar
sidthetaff
Icon for Nimbostratus rankNimbostratus
Oct 03, 2019

Hi James,

Thanks for your answer, this is on a BIG-IP DNS, so by URL i mean wide IP, there's no LTM functionality on this appliance.

The GTM has multiple listeners that cater to different user bases, this iRule will be sitting on one of those listeners to provide this specific functionality.

The filter portion

when DNS_REQUEST {
if {[class match [IP::client_addr] equals IP_Data_Group] and [class match [DNS::Question] contain URL_Data_Group }

works ok, If i put a log after it i get appropriate log messages, however i have tried various connotations to manipulate the dns response including

DNS::answer insert "pool RPX_pool"
}
{ 
    DNS::return

and

DNS::answer insert "[DNS::question name]. 111 [DNS::question class] [DNS::question type] 192.168.1.10"
    DNS::answer insert "[DNS::question name]. 111 [DNS::question class] [DNS::question type] 192.168.1.11"
 
    DNS::return
}

However neither of these solutions seem to send a response to the client as an NSLookup on the client returns no IP address under the answer

Cheers