ltm rule command DNS header
iRule(1) BIG-IP TMSH Manual iRule(1)
DNS::header
Gets (v11.0+) or sets (v11.1+) simple bits or byte fields.
SYNOPSIS
DNS::header (('id' (UNSIGNED_SHORT)?)
| ('qr' (BOOLEAN)?)
| ('opcode' ('query' | 'QUERY' | 'iquery' |
'IQUERY'
| 'status' | 'STATUS' | 'notify' |
'NOTIFY'
| 'update' | 'UPDATE')?)
| ('aa' (BOOLEAN)?)
| ('tc' (BOOLEAN)?)
| ('rd' (BOOLEAN)?)
| ('ra' (BOOLEAN)?)
| ('ad' (BOOLEAN)?)
| ('cd' (BOOLEAN)?)
| ('rcode' ('noerror' | 'NOERROR' | 'formerr' |
'FORMERR'
| 'servfail' | 'SERVFAIL' | 'nxdomain'
| 'NXDOMAIN'
| 'notimpl' | 'NOTIMPL' | 'refused' |
'REFUSED' | 'yxdomain'
| 'YXDOMAIN' | 'yxrrset' | 'YXRRSET' |
'nxrrset' | 'NXRRSET'
| 'notauth' | 'NOTAUTH' | 'notzone' |
'NOTZONE')?)
| ('qdcount' (UNSIGNED_SHORT)?)
| ('ancount' (UNSIGNED_SHORT)?)
| ('nscount' (UNSIGNED_SHORT)?)
| ('arcount' (UNSIGNED_SHORT)?))
DESCRIPTION
This iRules command gets or sets simple bits or byte fields. Read-only
form introduced in v11.0, Read-write capability added in v11.1.
Note: This command requires the DNS Profile, which is only enabled as
part of GTM or the DNS Services add-on.
Syntax
DNS::header
[value]
* Gets or sets simple bits or byte fields. Return value is always an
integer except for successful recognition of the rcode or opcode
fields, where a string is returned
+ rcode
o NOERROR
o FORMERR
o SERVFAIL
o NXDOMAIN
o NOTIMPL
o REFUSED
o YXDOMAIN
o YXRRSET
o NXRRSET
o NOTAUTH
o NOTZONE
+ opcode
o QUERY
o IQUERY
o STATUS
o NOTIFY
o UPDATE
RETURN VALUE
VALID DURING
DNS_REQUEST, DNS_RESPONSE, GLOBAL_GTM
EXAMPLES
# Refuse all queries from a specific ip
when DNS_REQUEST {
if { [IP::client_addr] equals "192.168.1.245" } {
DNS::answer clear
DNS::header rcode REFUSED
DNS::return
return
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)