Forum Discussion

hung_105573
Jul 12, 2013

iRule DNS to handle nslookup DNS from client

Hi all

 

I have an iRule that handles DNS requests from clients. When a client looks up a DNS name whose subdomain matches the subdomain list in the white_list datagroup, the iRule responds to the client with an "A" record. The iRule also monitors the link status of the internet lines terminated on the F5. In the case where all 3 internet lines are up, we want the iRule to respond to the client with "A" records load-balanced round robin, to share the capacity of the 3 lines.

 

Please see the iRule and help me.

 

 

    when RULE_INIT {
        # TTL for the synthetic A records. The posted rule read $static::whitelist_ttl
        # without ever setting it; the value 30 is an assumed placeholder.
        set static::whitelist_ttl 30
    }

    when DNS_REQUEST {
        set Whitelist_Match 0
        # the queried name, read again in DNS_RESPONSE (the posted rule used $fqdn without setting it)
        set fqdn [DNS::question name]

        # does FQDN exist in our whitelist string:value datagroup for that site?
        if { [class match $fqdn equals whitelist] } {

            if { [LB::status node 183.91.x.y] eq "up" } {
                # Client made a DNS request for a Whitelist site.
                set Whitelist_Match 1
                set FakeIPv4_cmc [class match -value $fqdn equals whitelist]
                # DNS::return hands the message back to the client and ends this event,
                # so only the first link found up ever sets its FakeIPv4_* variable
                DNS::return
            }

            if { [LB::status node 222.255.x.y] eq "up" } {
                set Whitelist_Match 1
                set FakeIPv4_vnpt [class match -value $fqdn equals vnpt_whitelist]
                DNS::return
            }

            if { [LB::status node 118.69.x.y] eq "up" } {
                set Whitelist_Match 1
                set FakeIPv4_fpt [class match -value $fqdn equals fpt_whitelist]
                DNS::return
            }
        }
    }

    when DNS_RESPONSE {
        if { $Whitelist_Match } {
            switch [DNS::question type] {
                "A" {
                    DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $FakeIPv4_cmc"
                    DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $FakeIPv4_vnpt"
                    DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $FakeIPv4_fpt"
                }
                default {
                }
            }
        }
    }

 

 

many thanks

 

2 Replies

  •  For something of this complexity, you may be well served to engage F5 Professional Services. I will also say that the DNS Services module can handle this sort of case more natively.

     

    Having said all of that, I assume the above rule works, but it is only returning a single A record. Is that the case? I also understand from your description that, if all three uplink checks (the LB::status node calls, that is) succeed, you want to return all three A records (essentially, all three class match -value $fqdn calls). What do you want to happen if two of the links are up? Return two A records? I will assume that is what you want.

     

    I've not tested the following code, but assuming the code above works, this should get you close to the right answer:

     

    when RULE_INIT {
        # TTL for the inserted A records. The posted code read $static::whitelist_ttl
        # without setting it; 30 is an assumed placeholder value.
        set static::whitelist_ttl 30
    }

    when DNS_REQUEST {
        set return_a_records [list]
        # queried name, read again in DNS_RESPONSE (the posted code used $fqdn without setting it)
        set fqdn [DNS::question name]
        if { [class match $fqdn equals whitelist] } {
            # does FQDN exist in our whitelist string:value datagroup for that site.
            if { [LB::status node 183.91.1.1] eq "up" } {
                # client made a DNS request for a Whitelist site.
                lappend return_a_records [class match -value $fqdn equals whitelist]
            }

            if { [LB::status node 222.255.1.1] eq "up" } {
                lappend return_a_records [class match -value $fqdn equals vnpt_whitelist]
            }

            if { [LB::status node 118.69.1.1] eq "up" } {
                lappend return_a_records [class match -value $fqdn equals fpt_whitelist]
            }
        }
    }

    when DNS_RESPONSE {
        # one record per uplink that was up at request time; nothing to do otherwise
        # (the posted code tested $Whitelist_Match, which this version never sets)
        if { [llength $return_a_records] > 0 } {
            switch [DNS::question type] {
                "A" {
                    foreach ip $return_a_records {
                        DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $ip"
                    }
                }
            }
        }
    }
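The reply above returns one A record per uplink that is up and leaves the ordering to the client, which is not the round robin the question asks for. The rule below is an added example, not code from the thread: it answers the query itself with the records of every live uplink, rotated per query so successive clients are handed a different first address. The node addresses and the three datagroup names are the ones used in the thread; the TTL, the `static::uplinks` list, and the use of the query ID as the rotation seed are my assumptions.

```tcl
# Added example, not the original poster's rule. Assumes the three per-uplink
# datagroups (whitelist, vnpt_whitelist, fpt_whitelist) map fqdn -> the IP that
# is reachable over that uplink, exactly as the thread describes.
when RULE_INIT {
    # TTL for synthetic answers (assumed); keep it short so a link failure
    # stops being handed out quickly
    set static::whitelist_ttl 30
    # uplink node -> datagroup holding that uplink's addresses (names from the thread)
    set static::uplinks [list \
        183.91.x.y   whitelist \
        222.255.x.y  vnpt_whitelist \
        118.69.x.y   fpt_whitelist ]
}

when DNS_REQUEST {
    # only synthesize A answers; AAAA, MX, etc. go to the upstream pool untouched
    if { [DNS::question type] ne "A" } { return }

    set fqdn [DNS::question name]
    if { ![class match $fqdn equals whitelist] } { return }

    # collect one answer per uplink whose node monitor reports it up
    set answers [list]
    foreach {node dg} $static::uplinks {
        if { [LB::status node $node] eq "up" } {
            set ip [class match -value $fqdn equals $dg]
            if { $ip ne "" } { lappend answers $ip }
        }
    }

    # every link down, or the name is missing from the per-link datagroups:
    # fall through and let the upstream servers answer
    if { [llength $answers] == 0 } { return }

    # stateless round robin: rotate the list by the client's 16-bit query ID.
    # (incrementing a static:: counter here instead would modify a static
    # variable outside RULE_INIT and demote the virtual server from CMP)
    set n [llength $answers]
    set start [expr { [DNS::header id] % $n }]
    set ordered [concat [lrange $answers $start end] \
                        [lrange $answers 0 [expr { $start - 1 }]]]

    foreach ip $ordered {
        DNS::answer insert "$fqdn. $static::whitelist_ttl IN A $ip"
    }
    # answer directly; the request never reaches the upstream DNS servers
    DNS::return
}
```

Two caveats a practitioner should keep in mind. Rotation only spreads load if clients honour the order they receive: a caching resolver between the clients and the F5 will serve one cached ordering for the whole TTL, and some stub resolvers re-sort addresses themselves (glibc's RFC 3484 sorting, for example), so measure the actual per-link distribution rather than assuming it. Second, this rule answers authoritatively for every name in the datagroups without consulting the real zone, so write access to those datagroups is equivalent to control over resolution for those names; restrict it accordingly.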

     
