how to send NXDOMAIN with BigIP DNS

Question

Hi friends,&nbsp;I have a question. A customer would like to manipulate some DNS responses using F5 DNS having the following use cases:Change the DNS Response IP (to a public IP)Change the DNS Response to NXDOMAIN (for IP addresses which should not be published)&nbsp;I thought about the following iRule to create the 1st use case:when DNS_REQUEST {&nbsp;&nbsp;&nbsp;&nbsp;if { [DNS::question name] equals "fqdn.of.customer" }{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DNS::answer insert "[DNS::question name]. 3600 [DNS::question class] [DNS::question type] 1.2.3.4"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DNS::return&nbsp;&nbsp;&nbsp;&nbsp;}}&nbsp;Any idea what I have to use to return a NXDOMAIN?DNS::answer insert "???"&nbsp;Do you see a simpler approach? (mid Term we will implement different DNS views).&nbsp;Thanks,Rolf

rolf · Answer

After searching a while i found the correct iRule statements:&nbsp;        DNS::answer clear        DNS::header rcode NXDOMAIN        DNS::return&nbsp;&nbsp;

Forum Discussion

how to send NXDOMAIN with BigIP DNS

1 Reply

Recent Discussions

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Related Content

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough

Re: BigIP Report

BIGIP unable to send tcp/udp packets to syslog servers

BigIP Report Old