Implementing Client Subnet DNS Requests
Hi Eric,
thanks for the quick reply. My client is running v12 and the same behaviour with the function was observed in v14 unfortunately.
Actually my client needs to handle specific DNS requests in the listener iRule completely without forwarding them internally to gtmd/bind.
So we cannot use the built-in feature.
My concern is that the function always parses 4 bytes even if the query contains only the network address according to the prefix length.
This might result in bad memory allocation ...
To handle the EDNS0-ECS information properly for IPv4 I worked around it as follows:
    if { [DNS::edns0 exists] && ![catch { DNS::edns0 subnet address }] } {
        # source and scope prefix lengths from the ECS option
        set ecs_prefix [DNS::edns0 subnet source]
        set ecs_scope [DNS::edns0 subnet scope]
        # build a 32-bit mask of ecs_prefix 1-bits (expr has no pow in iRules);
        # binary format B32 pads the missing bits with zeros, then scan the
        # four octets into variables (assumes family 1 / IPv4: a prefix > 32
        # is silently truncated to 32 bits by B32)
        binary scan [binary format B32 [string repeat 1 ${ecs_prefix}]] cccc maskd1 maskd2 maskd3 maskd4
        #log local0. "\[DNS::edns0 subnet address\]: [DNS::edns0 subnet address] (\[DNS::edns0 subnet source\]: [DNS::edns0 subnet source])"
        # mask the provided IPv4 address with the prefix; "c" scans signed bytes,
        # so & 0xff turns each one back into an unsigned octet
        set ecs_subnet_masked [IP::addr [DNS::edns0 subnet address] mask [expr {${maskd1} & 0xff}].[expr {${maskd2} & 0xff}].[expr {${maskd3} & 0xff}].[expr {${maskd4} & 0xff}]]
        unset maskd1 maskd2 maskd3 maskd4
        log local0. "masked EDNS0-ECS subnet: ${ecs_subnet_masked}/${ecs_prefix} ([whereis ${ecs_subnet_masked} country])"
    }
I will do some further testing with EDNS0-ECS providing IPv6 information.
As mentioned before, it would be great to get an extension to the DNS::edns0 subnet function to check the address family value.
Otherwise I need to implement an additional test for the address type.
(Perhaps it's already there and just not documented?)
I will open a service request with the F5 support team and keep you posted.
Cheers, Stephan
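As an added example, not code from this thread or from F5, the following Python parser shows how an EDNS0 Client Subnet option body is laid out per RFC 7871 and why reading a fixed 4 bytes is wrong: only ceil(SOURCE PREFIX-LENGTH / 8) address octets are on the wire, the family field selects IPv4 or IPv6, and bits beyond the prefix must be zero. The function names and the sample option bodies are constructed for this example.

```python
import ipaddress
import struct

OPTION_CODE_ECS = 8  # EDNS option code for Client Subnet (RFC 7871)


def parse_ecs_option(opt_data: bytes):
    """Parse ECS OPTION-DATA: FAMILY(2) SOURCE(1) SCOPE(1) ADDRESS(variable).

    Returns (family, source_prefix, scope_prefix, network) with the network
    masked to the source prefix. Raises ValueError on malformed data.
    """
    if len(opt_data) < 4:
        raise ValueError("ECS option shorter than its fixed header")
    family, source, scope = struct.unpack("!HBB", opt_data[:4])
    if family == 1:
        max_bits, addr_len = 32, 4
    elif family == 2:
        max_bits, addr_len = 128, 16
    else:
        raise ValueError(f"unsupported address family {family}")
    if source > max_bits or scope > max_bits:
        raise ValueError("prefix length exceeds the address family width")
    # Only ceil(source/8) address octets are present, never a fixed 4 or 16.
    nbytes = (source + 7) // 8
    addr_bytes = opt_data[4:]
    if len(addr_bytes) != nbytes:
        raise ValueError(f"expected {nbytes} address octets, got {len(addr_bytes)}")
    # Zero-pad the truncated address to full width before interpreting it.
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (addr_len - nbytes))
    network = ipaddress.ip_network((addr, source), strict=False)
    # RFC 7871: bits beyond SOURCE PREFIX-LENGTH MUST be zero; reject otherwise.
    if network.network_address != addr:
        raise ValueError("non-zero address bits beyond the source prefix length")
    return family, source, scope, network


def ecs_is_well_formed(opt_data: bytes) -> bool:
    """True when parse_ecs_option accepts the option body."""
    try:
        parse_ecs_option(opt_data)
        return True
    except ValueError:
        return False


def build_ecs_option(network: str, scope: int = 0) -> bytes:
    """Encode a network as ECS OPTION-DATA (used here to construct test input)."""
    net = ipaddress.ip_network(network)
    family = 1 if net.version == 4 else 2
    nbytes = (net.prefixlen + 7) // 8
    return struct.pack("!HBB", family, net.prefixlen, scope) + net.network_address.packed[:nbytes]
```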