Forum Discussion

paul_dcc's avatar
paul_dcc
Icon for Nimbostratus rankNimbostratus
Apr 08, 2014

GTM DNS REQUEST

Hi All, I need an IRule for GTM so when I receive a DNS Request if it is looking for; .gcsx.gov.uk or gsi.gov.uk (and there are a few more domains) then forward it to Pool 1 or if it is looking for nhs.uk forward it to Pool 2 or if it is looking for any think else forward it to its default Pool. Is this possible (I hope it is !!!) ?

 

application delivery
devops
iRules

7 Replies

Sort By
  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Apr 08, 2014

    This iRule uses data groups and should allow you some more flexibility going forward, if you wish to add more domains. This will require you to create two data groups (string type is fine) in order for this to work:

    dotuk_group (include gcsx.gov.uk and gsi.gov.uk domains)

    nhs_group (include nhs.uk domain)

    This iRule should work for you:

    when DNS_REQUEST {
    DNS::question name [string tolower [DNS::question name]]
    if { [class match [DNS::question name] eq dotuk_group] } {
            DNS::disable all
            pool pool1
    }
    elseif { [class match [DNS::question name] eq nhs_group] } {
            DNS::disable all
            pool pool2
    }
    else {
            DNS::disable all
            pool default_pool
    }
}
  • paul_dcc's avatar
    paul_dcc
    Icon for Nimbostratus rankNimbostratus
    Apr 09, 2014

    Thanks for the IRule, just one question what does DNS::disable all do ?

     

  • paul_dcc's avatar
    paul_dcc
    Icon for Nimbostratus rankNimbostratus
    Apr 09, 2014

    Hi Cosby,

     

    I can't get the wildcard to match, I'm running Ver 11.5 and the only way I can get any match within the Data Group is to have the exact same thing; mail.gcsx.gov.uk (have that in the Data Group would get a match) but having *.gcsx.gov.uk would not match mail.gcsx.gov.uk ??? I can't see what I'm doing wrong.

     

    Hope you can help.................

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Apr 09, 2014

    DNS::disable all just prevents any further processing of DNS (GTM, ZoneRunner), since you're forwarding the query somewhere else for resolution.

    Instead of an exact match, the iRule can be modified to match for "ends with". Like this:

    when DNS_REQUEST {
    DNS::question name [string tolower [DNS::question name]]
    if { [class match [DNS::question name] ends_with dotuk_group] } {
            DNS::disable all
            pool pool1
    }
    elseif { [class match [DNS::question name] ends_with nhs_group] } {
            DNS::disable all
            pool pool2
    }
    else {
            DNS::disable all
            pool default_pool
    }
}

    So there's no need for you to put the wildcard FQDN in your dotuk_group. Just put it in as gcsx.gov.uk and the ends_with will match anything of that domain or any sub domains.