Nimbostratusirule to drop null dns queries
Greetings!!!
I was curious if anyone else has had to deal with TONS of null queries to their external dns and if you had any luck dropping those? I am trying to get it to do it via an irule but not having much luck. I have checked out lots of different articles but cant seem to get it quite right.
I have tried:
when DNS_REQUEST{
if { [DNS::question type] equals "null" } {
DNS::drop
}
}
#and this
when DNS_REQUEST {
if {[DNS::question type] equals "10"} {
DNS::drop
}
}
# we also tried using empty rrname
when DNS_REQUEST {
if { [DNS::rrname] equals "" } { <-- this gave an error
DNS::drop
}
}
Any ideas on a way to block these effectively? We are running 14.1, and have a ticket open with support. Will post back if they see where we missed it.