Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

GTM irule to log source IP address of DNS server querying a WIP and Answer back

Alex_f5
Altostratus
Altostratus

‎27-Aug-2020 17:02

hello folks,

need some help to finish a GTM irule to log in console the source IP address of DNS servers querying my WIP, their location and the answer resolved by the GTM based on the WIP logic (topo records).

 

this is what I have now:

 

when DNS_REQUEST {

  log local0. "QUERY from: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], [DNS::question type]"

}

 

and this is what I get in console:

<DNS_REQUEST>: QUERY from: 180.108.0.18 - LOCATION: AS CN Shanghai {} - QUESTION: abcde.test.domain.com, A

 

I've been struggling to find out how to include the resolution to the question abcde.test.domain.com (Which is my WIP).

the answer is one of 2 pool members included included in the WIP.

 

any help is highly appreciated.

thanks! - alex.

 

Labels:
1 REPLY 1

Alex_f5
Altostratus
Altostratus

‎28-Aug-2020 07:32

Update: In case somebody else have the same problem, I found there is not a way to add DNS_RESPONSE in GTM irules to be applied on WIPs. The ultimate workaround is via an LTM irule applied on the listener, in that irule you define something like:

 

when DNS_RESPONSE {

if { [DNS::question name] equals "abcde.test.domain.com" } {

log local0. "QUERY from: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], -TYPE [DNS::question type]", - ANSWER: [DNS::answer]"

 }

}

 

 

-alex.

Copyright © 2023 Khoros, LLC