Sergi0
Apr 02, 2018

GTM irule CNAME filter

I would like to create a filter on my GTM to remove the CNAME and replace it with the default answer, as if GTM bind does not have a CNAME.

I want to block the CNAME response I have:

 dig cname www.wip.company.com  @10.10.10.9

; <<>> DiG 9.9.10-P3 <<>> cname www.wip.company.com @10.10.10.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58987
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wip.company.com.          IN      CNAME

;; ANSWER SECTION:
www.wip.company.com.   0       IN      CNAME   www.company.com.

;; AUTHORITY SECTION:
company.com.            0       IN      NS      GTM1.company.com.

4 Replies

  • JG

    Will you please rephrase your question? It is not clear what problem you are trying to resolve.

     

  • Sergi0

    I would like to block GTM from giving any response except WIP type A. I tried to disable bind in the DNS profile, but it gives a timeout for clients, which is not good. I have created an iRule for the listener, so clients get a blank response from GTM: no AAAA, CNAME or ANY in the response.

    when DNS_REQUEST {
        # Any query type other than A gets an empty answer section
        if { !([DNS::question type] eq "A") } {
            DNS::answer clear
            DNS::return
        }
    }
    
  • JG

    I'd try and find out why clients are sending this CNAME query to this server in the first place, which seems to suggest a DNS configuration error, and solve that problem. But specific to blocking the query type, here's one you could use:

    when DNS_REQUEST {
        if { !([string toupper [DNS::question type]] eq "A") }  {
            DNS::last_act reject
            DNS::return
        }
    }
    

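Added example, not part of the thread or any poster's code: a Python sketch for checking that a listener carrying either iRule above returns no answer records for non-A queries. It builds the query to send and parses the reply bytes. The `sample_response` replies are constructed to mirror the dig output in the question, and all function names are assumptions of this example.

```python
import struct

QTYPES = {"A": 1, "CNAME": 5, "AAAA": 28, "ANY": 255}
RCODES = {0: "NOERROR", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """One-question query, class IN, to send to the listener over UDP/53."""
    return (struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1))

def skip_name(msg, off):
    """Offset just past a name that may end in a compression pointer."""
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def parse_response(msg):
    """Return (rcode name, list of answer-section type codes)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), types

def filter_holds(qtype, msg):
    """Policy from the thread: non-A queries must get no answer records."""
    return qtype == "A" or not parse_response(msg)[1]

def sample_response(name, qtype, rcode=0, cname=None):
    """Constructed reply for offline testing (not captured traffic)."""
    q = build_query(name, qtype)
    rr = b""
    if cname:
        rdata = encode_name(cname)
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 0, len(rdata)) + rdata
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, 1 if cname else 0, 0, 0)
    return hdr + q[12:] + rr
```

To use it against a real listener, send `build_query(...)` over a UDP socket to port 53 and pass the received bytes to `filter_holds` for each of CNAME, AAAA and ANY.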