Forum Discussion

Ameya_4149
Apr 23, 2012

Change of Domain name in DNS response using iRule

Hi Folks,

Here is what I am trying to design:

On an LTM, using iRules, is there a way to change the domain in a DNS response going through the LTM?

For example, the client makes a DNS query and the DNS responds with a domain xyz.com

Now if I want to create an iRule using the destination IP

if (destination_ip equals Pool A
change xyz.com to abc.com)

Thanks,

Ameya

5 Replies

  • Hi Ameya,

    What you are trying to do looks more like it should be a GTM iRule and not an LTM iRule.

    You can certainly perform a redirect based on the incoming Client IP Address though. The syntax would depend on which BIG-IP Version you are running.

    Are you on v9.x.x or v10.x.x/v11.x.x?
  • Hi Michael,

    I am on 10.2.2 HF3

    So my DNS is a Master Slave combination. The F5 forwards all the DNS queries to the Slave DNS. The Master DNS has one zone file which contains 3 domain entries for the same PTR query.

    So when the client does a PTR query to the DNS, it is mapped to 3 different domain entries (which the DNS does a round robin between).

    Now, what I want to make sure is that when a client belongs to pool A, it should get a DNS response from one specific domain.

    For ex. if client ip equals Pool A, then domain d1.com
    if client ip equals Pool B, then domain d2.com
    if client ip equals Pool C, then domain d3.com

    I cannot do this at the DNS server, so I am trying to implement the fix at the LTM. I was planning to implement the iRule so that it checks the Answer field of the DNS response packet and, depending on which slave DNS the response came from, replaces the domain in the answer field.

    Thanks,

    Ameya
  • I was thinking of doing a binary scan on the DNS response packet. Go to the answer section and replace the domain name. Kind of packet spoofing.

    Any suggestions?

    Thanks,

    Ameya
    • Ronald_Godinez_
      Hi Ameya, did you receive more information about this question? I think I have the same issue! Regards!
  • Hi Ameya,

    Nat added a DNS decoding iRule example:

    https://devcentral.f5.com/wiki/iRules.DNS_decoding.ashx

    Or if you can use the DNS profile, you could do this with DNS::answer. This requires a GTM or DNS services license, but it makes the process much simpler as you have native DNS:: command hooks.

    https://devcentral.f5.com/wiki/iRules.DNS.ashx

    Aaron
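The answer-section rewrite Ameya sketches above (scan the response, replace the name in the answer), as an added Python example that is not from this thread, from F5, or from the linked wiki pages: it decodes the DNS response wire format including compression pointers, replaces PTR/CNAME/NS targets according to a mapping, and re-encodes the message with a correct RDLENGTH. Which mapping to apply (pool A gets d1.com, and so on) is assumed to be decided by the caller, and the sample packet is constructed for the example.

```python
import struct
NAME_TYPES = {2, 5, 12}   # NS, CNAME, PTR: RR types whose RDATA is a single domain name

def read_name(msg, off, hops=0):
    """Decode a possibly compressed name (RFC 1035 4.1.4); return (name, offset past it)."""
    labels = []
    while msg[off]:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                            # 2-byte compression pointer
            if hops > 16:                                # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            tail, _ = read_name(msg, (ln & 0x3F) << 8 | msg[off + 1], hops + 1)
            return ".".join(filter(None, labels + [tail])), off + 2   # resume after pointer
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    return ".".join(labels), off + 1                     # past the terminating zero byte

def encode_name(name):
    """Uncompressed wire form: no pointers, so it stays valid when earlier bytes move."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".") if l) + b"\x00"

def parse(msg):
    """Return (questions, records); a record is (owner, type, class, ttl, target, rdata)."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off, qs, rrs = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qs.append((name, msg[off:off + 4])); off += 4    # QTYPE/QCLASS kept raw
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        target = read_name(msg, off)[0] if rtype in NAME_TYPES else None
        rrs.append((owner, rtype, rclass, ttl, target, msg[off:off + rdlen])); off += rdlen
    return qs, rrs

def rewrite_response(msg, mapping):
    """Re-encode the response, replacing NS/CNAME/PTR targets per mapping (RDLENGTH recomputed)."""
    qs, rrs = parse(msg)
    out = bytearray(msg[:12])                            # header and section counts unchanged
    for name, qtc in qs:
        out += encode_name(name) + qtc
    for owner, rtype, rclass, ttl, target, rdata in rrs:  # other RDATA (SOA, MX, ...) copied as is
        if target is not None:
            rdata = encode_name(mapping.get(target, target))
        out += encode_name(owner) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata
    return bytes(out)

SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # constructed: PTR 10.2.3.4 -> host.xyz.com
          + encode_name("4.3.2.10.in-addr.arpa") + struct.pack("!HH", 12, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 12, 1, 300, 14) + encode_name("host.xyz.com"))
```

Records whose RDATA embeds names in other layouts (SOA, MX) are copied unchanged here and would need the same re-encoding if they contain pointers into a section that moved. Rewriting the answer also invalidates any RRSIG covering it, so DNSSEC-validating clients will reject the modified response, and over TCP the two-byte length prefix has to be updated to the new message size.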