GTM irule to log source IP address of DNS server querying a WIP and Answer back

Question

hello folks,

need some help to finish a GTM irule to log in console the source IP address of DNS servers querying my WIP, their location and the answer resolved by the GTM based on the WIP logic (topo records).

this is what I have now:

when DNS_REQUEST {

log local0. "QUERY from: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], [DNS::question type]"

}

and this is what I get in console:

<DNS_REQUEST>: QUERY from: 180.108.0.18 - LOCATION: AS CN Shanghai {} - QUESTION: abcde.test.domain.com, A

I've been struggling to find out how to include the resolution to the question abcde.test.domain.com (Which is my WIP).

the answer is one of 2 pool members included included in the WIP.

any help is highly appreciated.

thanks! - alex.

alex_f5 · Answer

Update: In case somebody else have the same problem, I found there is not a way to add DNS_RESPONSE in GTM irules to be applied on WIPs. The ultimate workaround is via an LTM irule applied on the listener, in that irule you define something like:

when DNS_RESPONSE {

if { [DNS::question name] equals "abcde.test.domain.com" } {

log local0. "QUERY from: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], -TYPE [DNS::question type]", - ANSWER: [DNS::answer]"

}

-alex.

Forum Discussion

GTM irule to log source IP address of DNS server querying a WIP and Answer back

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

source address persistence maximum session timeout

Pool downtime query

iRule Processing query

CSV to Address External Datagroup File