Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
Sep 15, 2020
Solved

DNS irule, do I need a GTM license?

Hi;

 

Do I need a GTM license for this irule? if yes, how can this irule be re-written so that it can be appended to a DNS Virtual Server with a DNS profile but without a GTM license:

 

when DNS_REQUEST {

if {[DNS::question type] equals "SRV" && [string tolower [DNS::question name]] equals "_kerberos._tcp.default-first-site-name._sites.dc._msdcs.learnish.net"}{

set new_rr_1 [DNS::rr "_kerberos._tcp.default-first-site-name._sites.dc._msdcs.learnish.net 86400 IN SRV 0 100 88 dc01.learnish.net"]

set new_rr_2 [DNS::rr "dc01.learnish.net" A IN 3600 "10.10.20.109"]

DNS::answer insert $new_rr_1

DNS::additional insert $new_rr_2

DNS::return

}

}

 

Kindly

Wasfi

 

 

  • This is an often confusing issue on two fronts: licensing AND functionality. iRules for GTM and iRules for LTM are not the same, even if they share similarities.

    • GTM iRules are applied to a GTM wide IP, require a GTM license, and lack a lot of functionality in LTM iRules.
    • LTM iRules are applied to an LTM virtual server, require either an LTM+GTM license or an LTM+DNS services license, and lack some functionality in GTM iRules, but not much. Mostly GTM pool/member state information.

    The iRule you show above is already an LTM iRule. We can know this by using the context clues in the iRule by what commands are in use. If you review the DNS namespace for iRules on Clouddocs, you'll see that whereas DNS_REQUEST, DNS::question, and DNS::rr are available in both GTM and LTM, DNS::answer, DNS::additional, and DNS::return are available in LTM only.

     

    So to answer your question...no, you do not need a GTM license to use this iRule if you already have a DNS Services license, and it should only need to be tailored to your needs as it is already an LTM iRule.

4 Replies

  • This is an often confusing issue on two fronts: licensing AND functionality. iRules for GTM and iRules for LTM are not the same, even if they share similarities.

    • GTM iRules are applied to a GTM wide IP, require a GTM license, and lack a lot of functionality in LTM iRules.
    • LTM iRules are applied to an LTM virtual server, require either an LTM+GTM license or an LTM+DNS services license, and lack some functionality in GTM iRules, but not much. Mostly GTM pool/member state information.

    The iRule you show above is already an LTM iRule. We can know this by using the context clues in the iRule by what commands are in use. If you review the DNS namespace for iRules on Clouddocs, you'll see that whereas DNS_REQUEST, DNS::question, and DNS::rr are available in both GTM and LTM, DNS::answer, DNS::additional, and DNS::return are available in LTM only.

     

    So to answer your question...no, you do not need a GTM license to use this iRule if you already have a DNS Services license, and it should only need to be tailored to your needs as it is already an LTM iRule.

  • Hi Jason;

     

    Thank you kindly for your response. This makes things clearer. Two queries around this if you don't mind:

     

    1. We don't have the DNS services license and our hardware is a Viprion, do we need to purchase it for the whole Viprion chassis or can you buy it for the individual vCMP?
    2. How do I vote your answer as the correct or best answer?

     

    Kindly

    Wasfi

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      For viprion, I believe you need to have the host licensed and then any guest can use it.

       

      Select as Best is the way you can choose my answer.

       

      Note that you CAN make DNS decisions without a DNS services license, but it will require you to dig into the binary in a TCP or UDP payload (depending on how the DNS packets flow in your infrastructure). Example here in the codeshare. DO NOT apply this as is, it's very old and uses global variables. I share it only as an example of what's possible if you don't want to purchase the license. But know that the built-in DNS functionality is way more performant and reliable.