DNS::edns0

Description

This iRules command gets (v11.0+) and sets (v11.1+) the values of the edns0 pseudo-RR.
Note: This command requires the DNS Profile, which is only enabled as part of GTM or the DNS Services add-on.

Syntax

DNS::edns0 <exists [nsid]|do|sz|nsid> [value]

v11.5+
DNS::edns0 subnet <address|source|scope> [<IP|int|int>]

DNS::edns0 <exists [nsid]|do|sz|nsid> [value]

  • Retrieves and sets the values of the edns0 pseudo-RR. The exists argument returns a Boolean for the presence of the RR in the current DNS packet. Specifying exists nsid returns a Boolean for the presence of the NSID option in the EDNS0 rdata.
    • exists nsid
      • returns true/false for presence of EDNS0/NSID in dns packet
    • do (DNSSEC)
      • returns boolean of false if no edns0 RR or boolean of true for presence of DO flag
    • sz (UDP Max Payload Size)
      • returns boolean of false if no edns0 RR or integer for the UDP size
    • nsid (Nameserver ID, RFC 5001)
      • returns a byte array: empty if a NSID query, non-empty containing NSID bytes
    • TCL_ERROR is returned if the command is called when there is no edns0 or NSID field.

DNS::edns0 subnet <address|source|scope> [<IP|int|int>]

  • Returns the IP address, source or scope, as specified by the argument, from the client-subnet option. Without an argument, returns an IP address, an integer, and an integer for IP address, source, and scope respectively. The arguments can be used to set the values as well.

Examples

# Logs the client-subnet address when the request carries an EDNS0 RR
when DNS_REQUEST {
  if { [DNS::edns0 exists] } {
    log local0. "[DNS::edns0 subnet address]"
  }
}

# Inserts EDNS header with LDNS/client IP address
when DNS_REQUEST {
    DNS::edns0 subnet address [IP::client_addr]
    DNS::edns0 subnet source 32
}
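
To show which wire fields the subcommands refer to, the following added example (Python, not F5 code and not part of the original page) decodes an OPT pseudo-RR as laid out in RFC 6891, RFC 5001 and RFC 7871, returning the values that correspond to sz, do, nsid and subnet address/source/scope. The function names and the sample bytes are constructed for illustration; a present-but-empty NSID comes back as b"" and an absent one as None.

```python
import ipaddress
import struct

OPT_TYPE, OPT_NSID, OPT_SUBNET = 41, 3, 8  # RFC 6891, RFC 5001, RFC 7871
FAMILIES = {1: (4, ipaddress.IPv4Address), 2: (16, ipaddress.IPv6Address)}


def parse_subnet(body: bytes) -> dict:
    """Decode a client-subnet option body: family, source, scope, address."""
    if len(body) < 4:
        raise ValueError("short client-subnet option")
    family, source, scope = struct.unpack("!HBB", body[:4])
    width, addr_cls = FAMILIES.get(family, (0, None))
    # The address is truncated to the source prefix, padded to a whole octet.
    if not width or source > width * 8 or len(body) - 4 != (source + 7) // 8:
        raise ValueError("unknown family or address length mismatch")
    addr = addr_cls(body[4:].ljust(width, b"\x00"))
    return {"address": str(addr), "source": source, "scope": scope}


def parse_opt_rr(rr: bytes) -> dict:
    """Decode one OPT pseudo-RR given as raw bytes from its root owner name."""
    if len(rr) < 11 or rr[0] != 0:
        raise ValueError("OPT RR needs the root name and a full fixed header")
    # CLASS carries the UDP payload size; TTL carries ext-RCODE, version, flags.
    rtype, sz, _rcode, _version, flags, rdlen = struct.unpack("!HHBBHH", rr[1:11])
    rdata = rr[11:11 + rdlen]
    if rtype != OPT_TYPE or len(rdata) != rdlen:
        raise ValueError("not an OPT RR, or RDATA truncated")
    out = {"sz": sz, "do": bool(flags & 0x8000), "nsid": None, "subnet": None}
    pos = 0
    while pos < rdlen:
        if pos + 4 > rdlen:
            raise ValueError("truncated option header")
        code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
        body = rdata[pos + 4:pos + 4 + olen]
        if len(body) != olen:
            raise ValueError("option overruns RDATA")
        if code == OPT_NSID:
            out["nsid"] = body  # empty in a query, server ID bytes in a reply
        elif code == OPT_SUBNET:
            out["subnet"] = parse_subnet(body)
        pos += 4 + olen
    return out


# Constructed sample: sz=4096, DO set, empty NSID, client-subnet 192.0.2.0/24.
SAMPLE = bytes.fromhex("00 0029 1000 00 00 8000 000f"
                       " 0003 0000  0008 0007 0001 18 00 c00002")
```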