Logging of DNS Requests and Responses without a DNS license
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.
Short Description
This iRule logs DNS requests and responses in detail. It parses all headers, metadata and payloads and works for both UDP and TCP. It supports multiple queries/answers in one TCP connection as well as DNS pipelining.
Example logs:
# Request
1.1.1.1 -> /Common/vs_dns_udp Query (32004): {name axians.de type MX class IN}
# Response
2.2.2.2 -> /Common/vs_dns_udp -> 1.1.1.1 Query (32004): {name axians.de type MX class IN}, flags: QR QUERY RD RA, query: 1, answer: 1, authority: 0, additional: 3, status ok
2.2.2.2 -> /Common/vs_dns_udp -> 1.1.1.1 Answer (32004): {name axians.de type MX class IN ttl 3600 rdata {10 axians-de.mail.protection.outlook.com}}
2.2.2.2 -> /Common/vs_dns_udp -> 1.1.1.1 Additional (32004): {name axians-de.mail.protection.outlook.com type A class IN ttl 2 rdata 104.47.0.36} {name axians-de.mail.protection.outlook.com type A class IN ttl 2 rdata 104.47.2.36} {name {} type OPT class 4000 ttl 0 rdata {}}
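The description above mentions several queries in one TCP connection. The following Python example is added here for illustration and is not taken from the iRule in the linked repository. It shows what a logger has to do on the wire: split the TCP stream on the 2-byte length prefix (RFC 1035, section 4.2.2), keep a partial message until the next segment arrives, and decode the 12-byte header and the question. The function names and the sample stream are constructed for this example.

```python
import struct

QTYPES = {1: "A", 15: "MX", 28: "AAAA"}  # small subset, enough for the sample
FLAGS = [(0x8000, "QR"), (0x0400, "AA"), (0x0200, "TC"), (0x0100, "RD"), (0x0080, "RA")]

def split_tcp_stream(buf):
    """Split TCP payload into DNS messages; returns (complete_messages, leftover)."""
    msgs, pos = [], 0
    while len(buf) - pos >= 2:
        (length,) = struct.unpack_from("!H", buf, pos)
        if len(buf) - pos - 2 < length:
            break  # partial message: keep the bytes for the next segment
        msgs.append(buf[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs, buf[pos:]

def parse_message(msg):
    """Decode the 12-byte header and the first question of one DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if qd < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:  # QNAME: length-prefixed labels, ended by a zero byte
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label length in QNAME")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack_from("!2H", msg, pos)
    return {"id": txid, "name": ".".join(labels), "type": QTYPES.get(qtype, str(qtype)),
            "flags": [f for bit, f in FLAGS if flags & bit], "counts": (qd, an, ns, ar)}

def build_query(txid, name, qtype):
    """Constructed sample input: a minimal recursive query with its TCP length prefix."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)
    return struct.pack("!H", len(msg)) + msg

# Constructed stream: two pipelined queries, the second cut off by a segment boundary.
STREAM = build_query(32004, "axians.de", 15) + build_query(32005, "axians.de", 1)
COMPLETE, LEFTOVER = split_tcp_stream(STREAM[:-5])
```

Feeding `LEFTOVER` plus the remaining bytes back into `split_tcp_stream` yields the second query, which is why a TCP logger needs per-connection buffering and a UDP logger does not.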
Problem solved by this Code Snippet
Logging of DNS requests and responses without a DNS license; an LTM license is sufficient.
How to use this Code Snippet
The README.md in the GitHub repository linked below describes installation and configuration.
Code Snippet Meta Information
- Version: 1
- Coding Language: iRule / tcl
Full Code Snippet
Code is maintained in a GitHub Repository: https://github.com/JuergenMang/f5-dns-logging
Published Jun 05, 2023
Version 1.0