Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 DNS iRule for disabling DNS Express for a CNAME query on a particular domain

Leilow214
Altostratus
Altostratus

‎09-Aug-2022 09:22

Hey Folks!

So we're using an F5 DNS as a resolver for some of our linux servers and at the same time it is the authoritative DNS for that particular domain

let's say we host example.com on the F5 DNS.

When we create a CNAME record on example.com

test.example.com CNAME test.aws.com

and test.aws.com hosts 3 A records.

What happens is DNS Express wont let us use the recursion since its built that way.

What we want is to disable DNSExpress when a CNAME query for example.com specifically. 

Is there an irule to do that?

Any help is greatly appreciated!

Thank you!

 

 

 

Labels:
0 Kudos
7 REPLIES 7

LiefZimmerman
Community Manager
Community Manager

‎15-Aug-2022 12:00

@Leilow214 - this has been hanging out for a while - have you figured out a path forward?
If not...let me know if anything has changed since the 9th and I'll see if I can find someone to lend a hand.

0 Kudos

Leilow214
Altostratus
Altostratus
In response to LiefZimmerman

‎15-Aug-2022 12:17

Hey Lief,

Good day!

Thanks for checking out on my question, I havent tested any solutions yet. But here's what Irule I did, Im not sure if this would work.

Name: CNAME_DNSX_iRule

when DNS_REQUEST {

if { ([string toupper [DNS::question type]] eq "CNAME") }
{
DNS::disable dnsx
}
}

 

Thank you.

JRahm
Community Manager
Community Manager
In response to Leilow214

‎15-Aug-2022 19:47

yes, that should work fine, DNS iRules processing is handled up front (as shown in this lightboard lesson). You can further refine by extending your if condition to the targeted domain in the query received if necessary.

I'm pretty sure DNS::question type returns all caps already, but you could test to make sure and then eliminate the extra string command for the comparison.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos

Leilow214
Altostratus
Altostratus
In response to JRahm

‎16-Aug-2022 05:11

Hi JRahm,

Good day!

Thank you for the response, appreciate it. How do I refine it only for the targeted domain? Can you share the commands/syntax please?

Regards,

Leo

0 Kudos

JRahm
Community Manager
Community Manager
In response to Leilow214

‎16-Aug-2022 13:53

 

something like this should work for you, I threw in my.domain.com as a test condition.

when DNS_REQUEST {
  if { ([string toupper [DNS::question type]] eq "CNAME") && ([string toupper [DNS::question name]] eq "my.domain.com")} {
    DNS::disable dnsx
  }
}

Again...i'd test to see how DNS::question returns values, and if all caps or all lower case on each sub-command (type, name, etc) then you can safely remove the string toupper to avoid the additional operations.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos

Leilow214
Altostratus
Altostratus
In response to JRahm

‎17-Aug-2022 06:27

Thank you so much for the response guys! I will test this out by next week and let you all know the result.

Regards,

Leo

LiefZimmerman
Community Manager
Community Manager
In response to Leilow214

‎13-Oct-2022 17:51

@Leilow214 - were you able to sort this out? Was @JRahm 's proposal a viable solution?

0 Kudos
Copyright © 2023 Khoros, LLC