Forum Discussion
Maxim_Taskov_90
Nimbostratus
Apr 05, 2006
Wildcard DNS Server and iRules
Hi - I am running BIG-IP 9.1 on 5100 and 1000 units.
My objective is to assign SNAT and limit bandwidth utilization for DNS (UDP/53) traffic for specific clients and leave all other servers ...
Maxim_Taskov_90
Nimbostratus
Apr 06, 2006
I am sorry to waste your time, but the whole drama was on the firewall in front of the BIG-IP... it was allowing udp/53 for the SNAT IP address to specific servers only, causing DNS traffic to any other servers from the x_group clients with SNAT 10.10.10.10 to fail. Anyway, what I have now is the following, and I think it should work fine after I resolve a few other issues:
when CLIENT_ACCEPTED {
    # Only clients in the x_group class talking to servers in the dns_servers
    # class get the fixed SNAT address and the one_mb rate class.
    if { [matchclass [IP::client_addr] eq $::x_group]
         and [matchclass [IP::remote_addr] eq $::dns_servers] } {
        snat 10.10.10.10
        rateclass one_mb
    }
}
I have just one more question:
What can I do to ensure that none of the other client servers fall under the above iRule when they do DNS lookups?
I removed the "else...snat none" statement, because all other servers were failing DNS lookups, considering the fact that the VS is 0.0.0.0:53 UDP profile, hence managing all DNS traffic, and the "snat none" was sending the other client servers to the firewall with their real addresses, and of course they were getting nowhere since I have to translate them before they get to the firewall.
I am looking for something that will say... "if client server doesn't match any of the above classes, let it do its NAT and don't assign rateclass."
Thanks for your patience and support.
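The behaviour described in the post, written out as an added example iRule (this is not the poster's rule and not something the BIG-IP ships with). It assumes the x_group and dns_servers classes exist as in the post, and that the wildcard UDP/53 virtual server is meant to translate every other client through SNAT automap; the automap choice is an assumption, so substitute whatever translation the VS actually uses. The point is that a client matching neither class falls into the else branch, keeps ordinary translation, and is never assigned the rate class, while a log line gives visibility of which clients are being rate-limited:

```tcl
# Added example iRule for BIG-IP v9 (not the poster's rule). Assumes the
# datagroups x_group and dns_servers exist, and that the wildcard VS
# 0.0.0.0:53 (UDP) should SNAT all other clients via automap (assumption).
when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] eq $::x_group]
         and [matchclass [IP::remote_addr] eq $::dns_servers] } {
        # x_group client querying a listed DNS server: fixed SNAT address
        # and the one_mb rate class. Log it so the limited flows are visible.
        log local0. "rate-limiting DNS from [IP::client_addr] to [IP::remote_addr]"
        snat 10.10.10.10
        rateclass one_mb
    } else {
        # Every other client server: normal translation and no rate class.
        # "snat none" here would send the real source address to the
        # firewall, which is what broke the other servers' lookups.
        snat automap
    }
}
```

If the virtual server already has SNAT automap set, the else branch is redundant but harmless; it simply makes the intent explicit in the rule rather than relying on the VS setting alone.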