Forum Discussion

Livius's avatar
Livius
Icon for Altostratus rankAltostratus
May 31, 2018

Extract the IP address in iRule from ADDITIONAL SECTION response in DNS query

Hi,

 

I have a piece of code in iRule triggering a DNS query on a VS as follows :

 

set original_fqdn [findstr $RouteValue "sip:N" 4 ";"] if {$static::debug} {log local0.info "fqdn = $original_fqdn "}

 

set resolved_ip 0

 

set resolved_ip [RESOLV::lookup @/Common/iDNS__vs -naptr $original_fqdn]

 

      if {$static::debug} {log local0.info "Checking $original_fqdn and NAME::response: $resolved_ip"} 
      set _ipaddress [lindex $resolved_ip 0]

The problem I have with this code is that it does not capture the right IP address, since they are in the ADDITIONAL SECTION

 

root@TBNHPVF5103-33:/S1-green-P:Active:Changes Pending] config dig -t naptr @172.16.16.4 NBG-ESCT.ims.telekom.de

 

; <<>> DiG 9.9.8-P4 <<>> -t naptr @172.16.16.4 NBG-ESCT.ims.telekom.de ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30400 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 8

 

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;NBG-ESCT.ims.telekom.de. IN NAPTR

 

;; ANSWER SECTION: nbg-esct.ims.telekom.de. 100 IN NAPTR 110 50 "s" "SIP+D2T" "" _sip._tcp.NBG-ESCT.ims.telekom.de.

 

;; AUTHORITY SECTION: ims.telekom.de. 86400 IN NS nbg-edit712--gep-m0-s5.ims.telekom.de.

 

;; ADDITIONAL SECTION: nbg-esct711.ims.telekom.de. 100 IN A 37.50.134.26 nbg-esct721.ims.telekom.de. 100 IN A 37.50.134.18 nbg-esct751.ims.telekom.de. 100 IN A 80.149.128.17 nbg-edit712--gep-m0-s5.ims.telekom.de. 100 IN A 37.50.134.108 _sip._tcp.nbg-esct.ims.telekom.de. 100 IN SRV 0 10 5060 NBG-ESCT751.ims.telekom.de. _sip._tcp.nbg-esct.ims.telekom.de. 100 IN SRV 0 10 5060 NBG-ESCT711.ims.telekom.de. _sip._tcp.nbg-esct.ims.telekom.de. 100 IN SRV 0 10 5060 NBG-ESCT721.ims.telekom.de.

 

;; Query time: 8 msec ;; SERVER: 172.16.16.453(172.16.16.4) ;; WHEN: Thu May 31 19:43:06 CEST 2018 ;; MSG SIZE rcvd: 408

 

The variable I extract is wrong :

 

110 50 s SIP+D2T {} _sip._tcp.NBG-ESCT.ims.telekom.de instead of the actual IP address. I guess my lindex syntax is wrong here, but I am not sure...

 

application delivery
BIG-IP
BIG-IP DNS

3 Replies

Sort By
  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Jun 04, 2018

    The lindex just gets an element from a list, starting from 0. Dump the variable resolved_ip to the logs and look what is inside of the list.

     

    If the addition section is not on the list, just get the name, and make another query for a A record. Is not efficient, as you are doing 2 queries, but works. The information in the additional section is to avoid systems to have to do a second query, but if you can't do that with RESOLV::lookup, that is a valid option.

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Jun 04, 2018

    Hi,

    try this:

    set clientptr [RESOLV::lookup @8.8.8.8 $original_fqdn]

    Where 8.8.8.8 is your dns, you can set a vs if you want:

    set clientptr [RESOLV::lookup @/Common/VS $original_fqdn]

    You can also retrieve ptr, ... example

    set clientptr [RESOLV::lookup @8.8.8.8 -ptr $original_ip]

    for your info:

    https://devcentral.f5.com/wiki/irules.resolv__lookup.ashx

    regards

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jun 04, 2018

    In documentation, it seems there is no command to get additional section records.

     

    I guess you have to check if the result of the first request is an IP address. If not, run another dns request with result of the first request as record name.