cancel
Showing results for 
Search instead for 
Did you mean: 

What is the syntax equivalent of RESOLV::lookup with the RESOLVER::name_lookup command?

PhillyPDXMike
Nimbostratus
Nimbostratus

With RESOLV::lookup being deprecated as of version 15.1 in favor of the RESOLVER and DNSMSG namespaces, I am not finding detailed enough documentation and examples to convert my 14.1 iRule to the new 15.1 syntax. My end goal is to do a reverse lookup (PTR) of the IP::client_addr against two internal DNS servers, then log it.

 

14.1 Syntax

 

when CLIENT_ACCEPTED {  log local0. "The client source IP address is: [IP::client_addr]"  log local0. "[IP::client_addr] resolves in DNS (server1) to [RESOLV::lookup @192.168.1.1 -ptr "[IP::client_addr]"]"  log local0. "[IP::client_addr] resolves in DNS (server2) to [RESOLV::lookup @192.168.1.2 -ptr "[IP::client_addr]"]" }
1 ACCEPTED SOLUTION

JRahm
Community Manager
Community Manager

I wrote a gist to cover this, but also, a peer of mine, Paul, has a more complete solution in BUG 931149 (make sure you have a working net resolver in tmsh):

 

proc resolv_ptr_v4 { addr_v4 } { # Convert $addr_v4 into its constituent bytes set ret [scan $addr_v4 {%d.%d.%d.%d} a b c d] if { $ret != 4 } { return }   # Perform a PTR lookup on the IP address $addr_v4, and return the first answer set ret [RESOLVER::name_lookup "/Common/resolver-for-irules" "$d.$c.$b.$a.in-addr.arpa" PTR] set ret [lindex [DNSMSG::section $ret answer] 0] if { $ret eq "" } { # log local0.warn "DNS PTR lookup for $addr_v4 failed." return }   # Last element in '1.1.1.10.in-addr.arpa. 600 IN PTR otters.example.com' return [lindex $ret end] }   -- In an iRule, instead of: RESOLV::lookup @192.88.9.1 $ipv4_addr Use: call resolv_ptr_v4 $ipv4_addr

For consistency across all record types, I'm going to flesh out that proc in the next few days so you can use the proc to pass the query and the query type so you don't have to have different logic in your main iRule just for PTR records.

View solution in original post

1 REPLY 1

JRahm
Community Manager
Community Manager

I wrote a gist to cover this, but also, a peer of mine, Paul, has a more complete solution in BUG 931149 (make sure you have a working net resolver in tmsh):

 

proc resolv_ptr_v4 { addr_v4 } { # Convert $addr_v4 into its constituent bytes set ret [scan $addr_v4 {%d.%d.%d.%d} a b c d] if { $ret != 4 } { return }   # Perform a PTR lookup on the IP address $addr_v4, and return the first answer set ret [RESOLVER::name_lookup "/Common/resolver-for-irules" "$d.$c.$b.$a.in-addr.arpa" PTR] set ret [lindex [DNSMSG::section $ret answer] 0] if { $ret eq "" } { # log local0.warn "DNS PTR lookup for $addr_v4 failed." return }   # Last element in '1.1.1.10.in-addr.arpa. 600 IN PTR otters.example.com' return [lindex $ret end] }   -- In an iRule, instead of: RESOLV::lookup @192.88.9.1 $ipv4_addr Use: call resolv_ptr_v4 $ipv4_addr

For consistency across all record types, I'm going to flesh out that proc in the next few days so you can use the proc to pass the query and the query type so you don't have to have different logic in your main iRule just for PTR records.