F5 DNS iRule for disabling DNS Express for a CNAME query on a particular domain

Leilow214
Altostratus

Hey Folks!

So we're using an F5 DNS as a resolver for some of our Linux servers, and at the same time it is the authoritative DNS for that particular domain.

Let's say we host example.com on the F5 DNS.

When we create a CNAME record on example.com

test.example.com CNAME test.aws.com

and test.aws.com hosts 3 A records.

What happens is DNS Express won't let us use the recursion since it's built that way.

What we want is to disable DNS Express for a CNAME query for example.com specifically.

Is there an iRule to do that?

Any help is greatly appreciated!

Thank you!

 

 

 


LiefZimmerman
Community Manager

@Leilow214 - this has been hanging out for a while - have you figured out a path forward?
If not...let me know if anything has changed since the 9th and I'll see if I can find someone to lend a hand.

Hey Lief,

Good day!

Thanks for checking in on my question. I haven't tested any solutions yet, but here's the iRule I wrote; I'm not sure if this would work.

Name: CNAME_DNSX_iRule

when DNS_REQUEST {
  # Disable DNS Express for this request when the query type is CNAME
  if { [string toupper [DNS::question type]] eq "CNAME" } {
    DNS::disable dnsx
  }
}

 

Thank you.

JRahm
Community Manager

Yes, that should work fine; DNS iRules processing is handled up front (as shown in this lightboard lesson). You can further refine by extending your if condition to the targeted domain in the query received if necessary.

I'm pretty sure DNS::question type returns all caps already, but you could test to make sure and then eliminate the extra string command for the comparison.

Hi JRahm,

Good day!

Thank you for the response, appreciate it. How do I refine it only for the targeted domain? Can you share the commands/syntax please?

Regards,

Leo

JRahm
Community Manager

Something like this should work for you; I threw in my.domain.com as a test condition.

when DNS_REQUEST {
  # Both values are upper-cased before comparison, so the literals must be upper case too
  if { ([string toupper [DNS::question type]] eq "CNAME") && ([string toupper [DNS::question name]] eq "MY.DOMAIN.COM") } {
    # Skip DNS Express for this query only
    DNS::disable dnsx
  }
}

Again... I'd test to see how DNS::question returns values, and if they are all caps or all lower case on each sub-command (type, name, etc.), then you can safely remove the string toupper to avoid the additional operations.

 

Thank you so much for the response guys! I will test this out by next week and let you all know the result.

Regards,

Leo

@Leilow214 - were you able to sort this out? Was @JRahm's proposal a viable solution?