F5 - iRule DNS logging

 

iRule to create log entries for DNS queries

 

You can attach a DNS iRule to a Wide IP using the following methods:

Impact of procedure: Enabling the following iRules will generate verbose log output to the /var/log/gtm file.
You should only leave the iRules enabled while you are gathering troubleshooting data.

Create an LTM iRule using DNS::question, DNS::answer, IP::client_addr and DNS::origin


ltm rule ltm_log {
   when DNS_REQUEST {
      log local2. "LTM irule: DNS Requests [DNS::question name] with record type of [DNS::question type] seen from [IP::client_addr]"
   }
   when DNS_RESPONSE {
      log local2. "LTM irule: Client answer was provided by [DNS::origin], with the full response of [DNS::answer]"
   }
}

 

Create a DNS iRule using DNS::rrtype, DNS::rrname and IP::client_addr


gtm rule gtm_log {
   when DNS_REQUEST {
      log local2. "GTM irule: A client [IP::client_addr] queried [DNS::rrname] with request type of [DNS::rrtype]"
   }
}
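
Once the rules are logging, the request entries can be summarised per client and per question. The following Python script is an added example, not part of the original procedure or F5's own tooling; it matches only the message text the two iRules above produce, and the syslog prefix, host name and addresses in the sample lines are constructed.

```python
import re
from collections import Counter

# Message bodies exactly as the two iRules above format them. Nothing is
# assumed about the syslog prefix, so the patterns are applied with search().
LTM_REQ = re.compile(
    r"LTM irule: DNS Requests (?P<name>\S+) with record type of "
    r"(?P<type>\S+) seen from (?P<client>\S+)")
GTM_REQ = re.compile(
    r"GTM irule: A client (?P<client>\S+) queried (?P<name>\S+) "
    r"with request type of (?P<type>\S+)")

# Constructed sample lines (prefix, host and addresses are made up).
SAMPLE_LOG = """\
Jan  1 10:00:01 bigip1 info tmm[1000]: Rule /Common/ltm_log <DNS_REQUEST>: LTM irule: DNS Requests www.example.com with record type of A seen from 192.0.2.10
Jan  1 10:00:01 bigip1 info tmm[1000]: Rule /Common/ltm_log <DNS_RESPONSE>: LTM irule: Client answer was provided by SERVER, with the full response of {www.example.com. 30 IN A 198.51.100.5}
Jan  1 10:00:02 bigip1 info tmm[1000]: Rule /Common/ltm_log <DNS_REQUEST>: LTM irule: DNS Requests WWW.Example.com. with record type of AAAA seen from 192.0.2.10
Jan  1 10:00:03 bigip1 info tmm[1000]: Rule /Common/gtm_log <DNS_REQUEST>: GTM irule: A client 192.0.2.20 queried www.example.com with request type of A
"""

def parse_line(line):
    """Return source, client, name and type for a request line, else None."""
    for source, pattern in (("ltm", LTM_REQ), ("gtm", GTM_REQ)):
        m = pattern.search(line)
        if m:
            rec = m.groupdict()
            rec["source"] = source
            # DNS names are case-insensitive; drop the root dot if present.
            rec["name"] = rec["name"].rstrip(".").lower()
            rec["type"] = rec["type"].upper()
            return rec
    return None  # response lines and unrelated entries are skipped

def summarize(text):
    """Count requests per (rule, client) and per (name, type)."""
    per_client, per_question = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            # Totals stay separate per rule so the two logs are never merged.
            per_client[(rec["source"], rec["client"])] += 1
            per_question[(rec["name"], rec["type"])] += 1
    return per_client, per_question

if __name__ == "__main__":
    clients, questions = summarize(SAMPLE_LOG)
    for key, n in clients.most_common():
        print(key, n)
    for key, n in questions.most_common():
        print(key, n)
```

To run it against real data, pass the contents of /var/log/gtm to summarize() instead of SAMPLE_LOG.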