Forum Discussion
Ilian_Ivanov
Jun 06, 2017
Nimbostratus
My best guess is:
    when DNS_REQUEST {
        # Drop queries for names outside the allowed zone
        set fqdn [DNS::question name]
        if { !($fqdn ends_with "xxx.org.in") } {
            log local0. "----[DNS::question name] Dropped-----"
            drop
        }
    }
    when DNS_RESPONSE {
        # Drop responses whose record name is outside the allowed zone
        set answer [DNS::rrname]
        if { !($answer ends_with "xxx.org.in") } {
            log local0. "----[DNS::rrname] Dropped-----"
            drop
        }
    }
You can also try with [DNS::answer] instead of [DNS::rrname].
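
A plain suffix comparison on "xxx.org.in" also accepts a name such as notxxx.org.in, which belongs to a different zone. The following is an added example, not part of the original post: a label-boundary-aware zone check in plain Tcl. `in_zone` is a hypothetical helper and the sample names are constructed.

```tcl
# Added example: zone membership check that respects DNS label boundaries.
# in_zone is a hypothetical helper name; it uses only core Tcl string commands.

# Return 1 if fqdn is the zone apex or a name below it, otherwise 0.
proc in_zone {fqdn zone} {
    # DNS names compare case-insensitively and may carry a trailing root dot.
    set name [string trimright [string tolower $fqdn] "."]
    set zone [string trimright [string tolower $zone] "."]
    if {[string length $zone] == 0} {
        return 0
    }
    # The apex itself is in the zone.
    if {[string equal $name $zone]} {
        return 1
    }
    # Otherwise the name must end with ".<zone>" and have at least one
    # character in front of that dot, so "notxxx.org.in" is not accepted.
    set suffix ".$zone"
    set start [expr {[string length $name] - [string length $suffix]}]
    if {$start < 1} {
        return 0
    }
    return [string equal [string range $name $start end] $suffix]
}

# Constructed sample names: the third one passes a bare suffix comparison
# on "xxx.org.in" but is rejected here.
foreach sample {
    www.xxx.org.in
    XXX.ORG.IN.
    notxxx.org.in
    xxx.org.in.example.com
    .xxx.org.in
} {
    puts [format "%-26s in_zone=%d" $sample [in_zone $sample "xxx.org.in"]]
}
```

The same comparison can be applied to the value of `[DNS::question name]` before deciding whether to drop a query.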