Forum Discussion
Craig_13881
Jul 25, 2011 Nimbostratus
Return DNS replies to specific clients
I'm trying to return DNS replies to only a couple of different subnets. If the request comes in from anything else, I'd like to ignore it, or return a bogus response. Trying to get this to work, but...
That looks perfect, but when I test it out, I get www.blahblahblah.com even though the source IP in the packet capture is in the 192.168.76.0/24 range. I should mention that I'm testing this from my workstation, which is asking a Microsoft DNS server, and that DNS server is handing the request off to the GTM. I can see blahblahblah showing up in a Wireshark trace on my PC and I've verified the source IP that's hitting the GTM with a tcpdump. I may try just putting the IP address of the DNS server in the iRule as a host entry instead of a subnet and see if I can get it to work. It's like the "if" condition is coming up "true" when it should evaluate to "false".
Here's what I have. I added a subnet and a closing brace at the end. (The GTM was barking at me about the closing brace.)
    when DNS_REQUEST {
        if { !([IP::addr [IP::client_addr]/24 equals 10.0.0.0/24]) or !([IP::addr [IP::client_addr]/24 equals 192.168.76.0/24]) or !([IP::addr [IP::client_addr]/24 equals 172.16.1.0/24]) } {
            cname www.blahblahblah.com
        }
    }
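Added example, not part of the original post: a Python model of the iRule condition above, evaluated against constructed source addresses. It shows that the negated tests joined with `or` hold for every address, because no address can be in all three subnets at once, while joining them with `and` holds only for addresses outside all three. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Subnets taken from the iRule in the post.
ALLOWED = ["10.0.0.0/24", "192.168.76.0/24", "172.16.1.0/24"]


def in_subnet(client: str, subnet: str) -> bool:
    """Model of [IP::addr <client>/24 equals <subnet>]: mask the client, compare networks."""
    net = ipaddress.ip_network(subnet)
    masked = ipaddress.ip_network(f"{client}/{net.prefixlen}", strict=False)
    return masked == net


def posted_condition(client: str) -> bool:
    """!A or !B or !C, as written in the post. True means the bogus CNAME is returned."""
    return any(not in_subnet(client, s) for s in ALLOWED)


def allowlist_condition(client: str) -> bool:
    """!A and !B and !C, i.e. !(A or B or C): true only outside every listed subnet."""
    return not any(in_subnet(client, s) for s in ALLOWED)


# Constructed sample source addresses, as the GTM would see them (the address
# of the resolver forwarding the query, not the workstation behind it).
SAMPLES = ["192.168.76.10", "10.0.0.53", "172.16.1.200", "203.0.113.7"]


def compare(samples=SAMPLES):
    """Return (source, posted result, allowlist result) for each sample address."""
    return [(ip, posted_condition(ip), allowlist_condition(ip)) for ip in samples]


if __name__ == "__main__":
    print(f"{'source':<16}{'posted (or)':<14}{'allowlist (and)'}")
    for ip, posted, fixed in compare():
        print(f"{ip:<16}{str(posted):<14}{fixed}")
```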