NimbostratusHi, In case this is useful to others (and also to validate my understanding), I found that with the following code:
binary scan [UDP::payload] H4@12A*@12H* id dname question
set dname [string tolower [getfield $dname \x00 1 ] ]
... a label of more than 15 characters resulted in the $dname including a meta-character at the start of the dname. E.g. a hostname with 45 characters resulted in a label length of hex "2d", which the iRule interpreted as a "-". A meta-character leading the dname string results in unpredictable behavior. In the case of the "-", the switch command errors out interpreting it as a command option.
To resolve the issue I simply skipped the length count by change the binary scan offset for dname to 13 bytes.
E.g.:
binary scan [UDP::payload] @13A* dname
As far as I can tell this shouldn't cause any issues, at least for the hostname portion, since we're just skipping the length count.
The best solution would be to by DNS service license though ;).
Also, for those want to do the same for TCP, you need to use TCP::collect and TCP::release and add 2 to the binary scan offset.