DATAGRAM::dns¶
Description¶
This iRules command returns DNS header information.
Note: L4 protocol of the packet must be either TCP or UDP for this
command to work. Also, the L4 port must be equal to the dns port
(typically port 53).
Syntax¶
DATAGRAM::dns <id | qr | opcode | qdcount | ancount | nscount | arcount>
DATAGRAM::dns qr¶
- Returns DNS header ‘query/response’ as a boolean value. 0 indicates a ‘query’ and 1 indicates a ‘response’.
DATAGRAM::dns opcode¶
- Returns DNS header ‘opcode’ as a string. Values include ‘Query’, ‘IQuery’, ‘Status’, ‘Notify’, ‘Update’ and ‘Unassigned’.
Examples¶
when FLOW_INIT {
if { [IP::protocol] == 6 } {
log local0. "TCP Payload Length = [DATAGRAM::tcp payload_length] Payload: [DATAGRAM::tcp payload 100]"
log local0. "DNS Header fields ID: [DATAGRAM::dns id] QR: [DATAGRAM::dns qr] OPCODE: [DATAGRAM::dns opcode] QDCOUNT: [DATAGRAM::dns qdcount]"
}
if { [IP::protocol] == 17 } {
log local0. "UDP Payload Length = [DATAGRAM::udp payload_length] Payload: [DATAGRAM::udp payload 100]"
log local0. "DNS Header fields ID: [DATAGRAM::dns id] QR: [DATAGRAM::dns qr] OPCODE: [DATAGRAM::dns opcode] QDCOUNT: [DATAGRAM::dns qdcount]"
}
}