Rex_96674
Apr 19, 2007

SIMPLE DNS QUERY SCENARIO

I have defined two pools on my F5 BigIP, each of which contains a few DNS servers. I am trying to use an iRule on the F5 BigIP to perform the following:

1. Inspect the incoming inbound DNS query packet

2. If the query is for the domain "snow.com" or for "cold.snow.com", send the packet to one pool (containing the DNS servers) to be resolved.

3. If the DNS query packet is NOT for the above domains (i.e. everything else), send it to the other pool (containing my second set of DNS servers).

I believe it is as simple as:

when DNS_REQUEST {
    if { ([NAME::lookup] equals "snow.com") or ([NAME::lookup] equals "cold.snow.com") } {
        pool DNS_Servers_1
    } else {
        pool DNS_Servers_2
    }
}

Q: Does anything look wrong with the above, and is there any minimum software version I would need to accomplish this?

Q: Should I be using 'use pool' instead of just 'pool' in my if/else statement? Any gotchas?

Rex

1 Reply

  • You're reading the name::lookup function incorrectly; it's not for that at all. That would be for making the LTM perform a lookup itself. I *believe* that you would just be able to do a regex on the UDP payload itself.

    Check Colin's reply here for scanning a UDP payload; it seems similar to what you want to do: http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&forumid=5&postid=10118
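
Added example (not from the thread, and Python rather than an iRule): the reply suggests matching on the UDP payload, where the query name is stored as length-prefixed labels rather than dotted text, so this parses the first question name and picks a pool by exact, case-insensitive match. The pool names and domains come from the question; the helper names, the constructed query builder and the choice to send malformed datagrams to the default pool are assumptions.

```python
import struct

# Zones and pool names are taken from the question; everything else is assumed.
ZONE_POOL = {"snow.com": "DNS_Servers_1", "cold.snow.com": "DNS_Servers_1"}
DEFAULT_POOL = "DNS_Servers_2"


def encode_query(name, qtype=1, txid=0x1234):
    """Build a constructed DNS query datagram (RD set, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_qname(payload):
    """Return the lowercased QNAME of the first question, or None if malformed."""
    if len(payload) < 12:                    # shorter than the fixed DNS header
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:       # a response, or not exactly one question
        return None
    labels, pos, total = [], 12, 0
    while True:
        if pos >= len(payload):
            return None                      # ran off the end of the datagram
        length = payload[pos]
        pos += 1
        if length == 0:                      # root label ends the name
            break
        if length > 63:                      # compression pointer or reserved bits
            return None
        total += length + 1
        if total > 254 or pos + length > len(payload):
            return None                      # name too long or label truncated
        label = payload[pos:pos + length]
        if b"." in label:                    # a dot inside a label would fake a boundary
            return None
        labels.append(label.decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):               # QTYPE and QCLASS must follow the name
        return None
    return ".".join(labels)


def select_pool(payload):
    """Exact-match routing as in the question; malformed input goes to the default pool."""
    return ZONE_POOL.get(parse_qname(payload), DEFAULT_POOL)
```

On the wire the name `snow.com` is `\x04snow\x03com\x00`, so a pattern written with a literal dot never matches, and a bare substring match on `snow` would also catch unrelated names such as `notsnow.com`.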