Another Binary Scan Question - Parsing Binary Flag Fields

Hi All On an LTM only license (so no DNS:: objects which would be much easier I agree, but $$$) I'm trying to parse flag field values out of a DNS UDP Message packet. The packet layout and what I've been trying is below

`      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5`
`    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+`
`    |                      ID                       | bytes = 0 1`
`    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+`
`    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   | bytes = 2 3`
`    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+`

This gives you the first two bytes and I convert to decimal just fine:
binary scan [ string range [UDP::payload] 0 1 ] S sTranIDbytes
set queryid [expr {$sTranIDbytes & 0x00ff}]

The next two bytes are where I am having troubles.  My latest attempt is
binary scan [ string range [UDP::payload] 2 3 ] b1b4b1b1b1b1b3b4 qr opcode aa tc rd ra z rcode
log local0.info "qr=[expr {$qr & 0xf}] opcode=[expr {$opcode & 0xf}] aa=[expr {$aa & 0xf}] tc=[expr {$tc & 0xf}] rd=[expr {$rd & 0xf}] ra=[expr {$ra & 0xf}] z=[expr {$z & 0xff}] rcode=[expr {$rcode & 0xff}]"

which I thought would give me what I needed, but doesn't seem to work.  I get log errors that variables aren't set (like $aa) which tells me that my parsing isn't set correctly.  I can successfully get the hex value for the whole two bytes so i know I'm looking at the right data.  It's just the binary scan formatting that's giving me grief.  I've looked at several examples including the iRules 101 articles, but they seem to only address whole byte examples.  Any thoughts, examples, or direction would be appreciated.