Forum Discussion

jrmorris_151361's avatar
jrmorris_151361
Icon for Nimbostratus rankNimbostratus
Dec 23, 2014

DNS:rrtype undefined procedure

I am trying to create the following iRule to help rate limit DNS queries for amplification protection as noted in a few articles. But I get an undefined error. I've confirmed DNS:rrtype is a good variable.

01070151:3: Rule [/Common/dns_amplification_protection] error: /Common/dns_amplification_protection:2: error: [undefined procedure: DNS::rrtype][DNS::rrtype]

when DNS_REQUEST {
  if { ([DNS::rrtype] eq "TXT") } {
     rateclass dns_rate_shape
     }
}

when DNS_RESPONSE {
  if { [DNS::len] > 512 } {
     rateclass dns_rate_shape
     }
}

Thanks.

application delivery
devops
iRules

4 Replies

Sort By
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Dec 23, 2014
    what version, and I'm assuming this is an LTM rule, not GTM?
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Dec 23, 2014

    DNS::rrtype is a GTM only iRules command. If manipulating DNS on an LTM virtual server, use the DNS::type command instead.

     

    Note that manipulating DNS from LTM iRules with the dns profile requires an active GTM or DNS services license.

     

  • jrmorris_151361's avatar
    jrmorris_151361
    Icon for Nimbostratus rankNimbostratus
    Dec 23, 2014

    Thanks. Should I be doing this on GTM instead? I was going to apply it to to the LTM VIPs so I could apply the rate class. I do have active GTM licenses.

    Thanks.

    Also...does this look correct?

    when DNS_REQUEST {
  if { ([DNS::type $rr] == "TXT") } {
     rateclass dns_rate_shape
     }
}

when DNS_RESPONSE {
  if { [DNS::len] > 512 } {
     rateclass dns_rate_shape
     }
}
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Dec 26, 2014

    The $rr is undefined in this case. That's more appropriate with an answer with several resource records (and requires a foreach loop as shown in the example code on the rdata wiki page to get the rr variable defined). I think you want something like this instead:

     

    when DNS_REQUEST {
  if { [DNS::question type] eq "TXT" } {
    rateclass dns_rate_shape
  }
}