DNS::scrape

Description

This iRules command allows users to walk over a DNS message and parse out information from the packet based on user supplied arguments.
Note: This command functions only in the context of LTM iRules and requires the DNS Profile, which is only enabled as part of GTM or the DNS Services add-on.

Syntax

DNS::scrape ANSWER <type|ttl|qname|qnamelen|rdata|rdatalen|class>+
DNS::scrape AUTHORITY <type|ttl|qname|qnamelen|rdata|rdatalen|class>+
DNS::scrape ADDITIONAL <type|ttl|qname|qnamelen|rdata|rdatalen|class>+
DNS::scrape ALL <type|ttl|qname|qnamelen|rdata|rdatalen|class>+

Note: Returned RDATA and QNAME data will be in binary format. QNAME data may be compressed. If you need ASCII/Uncompressed equivalent data, please use “DNS::rdata” or “DNS::question name” respectively.

DNS::scrape ANSWER <type|ttl|qname|qnamelen|rdata|rdatalen|class>+

  • returns one or more of the specified keywords in the ANSWER section as a list (or in the case of multiple fields, lists of lists.) the field lists will be returned in the order specified.

DNS::scrape AUTHORITY <type|ttl|qname|qnamelen|rdata|rdatalen|class>+

  • returns one or more of the specified keywords in the AUTHORITY section as a list (or in the case of multiple fields, lists of lists.) the field lists will be returned in the order specified.

DNS::scrape ADDITIONAL <type|ttl|qname|qnamelen|rdata|rdatalen|class>+

  • returns one or more of the specified keywords in the ADDITIONAL section as a list (or in the case of multiple fields, lists of lists.) the field lists will be returned in the order specified.

DNS::scrape ALL <type|ttl|qname|qnamelen|rdata|rdatalen|class>+

  • returns one or more of the specified keywords in ALL sections (but never the question section) as a list (or in the case of multiple fields, lists of lists.) the field lists will be returned in the order specified.

Examples

when DNS_RESPONSE {
   foreach rr [DNS::scrape ANSWER type ttl qnamelen rdatalen] {
     log local2. "ANSWER: $rr"
   }
   foreach rr [DNS::scrape AUTHORITY type ttl class qnamelen rdatalen] {
     log local2. "AUTHORITY: $rr"
   }
   foreach rr [DNS::scrape ADDITIONAL type ttl class qnamelen rdatalen] {
     log local2. "ADDITIONAL: $rr"
   }
 }