GTM - How do we drop all AAAA requests from our listeners ??

Question

I would like to drop all AAAA requests, or respond with a 'noerror' if possible.  I can't seem to find an irules that can be applied to a listener.  I can create an irules and assign it to WIPs, but that is doesn't help me stop traffic from going past the listener.  I am trying to avoid any traffic for AAAA from going to our pool of DNS servers.  
&nbsp;
Thanks,&nbsp;
Chris&nbsp;

stanislas_piro2 · Answer

There is a SOL about this:&nbsp;
https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7851.html&nbsp;

nathe · Answer

If you've got AFM licensed you can use a DNS Security profile too. See Filtering DNS Packets&nbsp;

stanislas_piro2 · Answer

Hi,
try this irule enabled on the Listener:
when DNS_REQUEST {
if {[DNS::question type] equals "AAAA" }{
   DNS::header rcode NOERROR
   DNS::return 
   }   
}

Forum Discussion

GTM - How do we drop all AAAA requests from our listeners ??

3 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

Related Content

F5 Distributed Cloud - Listener Logic

How to listen to the DevCentral Podcasts

UDP DNS listener doesn't resolve DNS query but TCP DNS listener can

Distributed caching of authentication requests with NGINX Ingress Controller

How do I drop traffic on ASM?