Forum Discussion

JG
Jul 22, 2014

v11.3.0: How to get DNS lookup to work in an irule?

I am trying to get an irule to look up a name in DNS. "[RESOLV::lookup -a host_name]" simply times out.

 

The irule works in v10.2.4 when I enable the BIND server with a forwarder to our DNS server (not really a good idea, as it seems to enable the service on all self-IP addresses). In v11.3.0, BIND listens only on 127.0.0.1:53 and restricts access to localhost only, and I could not even get the irule to work as on v10.2.4.

 

What have I missed?

 

There doesn't seem to be a lot of up-to-date documentation about this topic.

 

6 Replies

  • Are you using the @IP or @[virtual name] syntax to point the DNS query at a specific external DNS server? You should not need to point to the local BIND instance.

     

  • JG

    I did try using an external DNS server by using @ip, but it always timed out. The same address works in the management plane, but does not work in the data plane - in the irule. That is why I tried and got it to work on v10.2.4 by making it use the local BIND server. No such luck on v11.3.0, though.

     

  • Can you do a tcpdump to see where and if the port 53 traffic is leaving the box? It may be a routing issue.

     

  • JG

    I did this:

     tcpdump -nni 0.0:nnn -s0 port 53
    

    but it did not capture anything, not even the traffic of dig.

     tcpdump -nni eth0 -s0 port 53

    This captures the traffic from running dig:

    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    11:55:58.205093 IP 172.21.197.14.50776 > 172.18.240.210.53:  41681+ A? www.sina.cn. (29)
    11:55:58.500352 IP 172.18.240.210.53 > 172.21.197.14.50776:  41681 2/2/2 CNAME sina.cn., A 203.90.242.118 (136)
    

    but does not capture any packets when the irule is run.

  • JG

    It turned out that appending the route domain ID made it work, e.g.:

    [RESOLV::lookup @10.10.10.10%1 -a host_name]
    

    Not sure why this is required: Shouldn't it default to the partition's default route domain?

  • I'm getting the same problem. All the RESOLV::lookup queries return no data. Any help is welcome.