Block DNS queries with class-list

mischamischa Member
When you want to reject or drop queries to a certain domain.

The class-list:
class-list cl-dns string
    str .example.tld drop
    str .example2.tld drop
!

The aFleX:
when DNS_REQUEST {
    # Prefix a dot so that ends_with only matches on a label boundary:
    # ".example.tld" matches "www.example.tld" but not "notexample.tld".
    # The root query "." is the one name that gets no extra dot.
    if {!([DNS::question name] equals ".")} {
        set fqdn .[DNS::question name]
    } else {
        set fqdn .
    }
    if { [CLASS::match $fqdn ends_with cl-dns] } {
        drop
        log local0.INFO "Dropped: [DNS::question name] from [IP::client_addr]"
    }
}
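The following is an added example, not code from the original post or from A10: a small Python model of the cl-dns check above. It exists to show the one detail that matters for correctness, the leading dot that turns `ends_with` into a label-boundary match, so that a query for `notexample.tld` does not match the entry `.example.tld` while `example.tld` and `www.example.tld` do. The class-list text, the client addresses and the query names are constructed sample data. The example folds case before comparing; whether `CLASS::match ... ends_with` on the AX unit is case-insensitive is not stated on the page, so treat that as the example's own assumption.

```python
# Added example: model of the aFleX suffix block above (not the original post's code).

# Constructed copy of the cl-dns class-list from the post (sample data).
CL_DNS = """\
str .example.tld drop
str .example2.tld drop
"""


def parse_class_list(text):
    """Parse 'str <suffix> <action>' lines into a list of (suffix, action)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "str":
            entries.append((parts[1].lower(), parts[2]))
    return entries


def normalise(qname):
    """Replicate the aFleX: every name except the root gets a leading dot.

    Case folding and stripping a trailing dot are this example's assumptions,
    not something the page says the AX unit does.
    """
    name = qname.rstrip(".").lower()
    return "." if name == "" else "." + name


def decide(qname, client_ip, entries):
    """Return (action, log_line).

    action is the class-list value ('drop') on a suffix hit, otherwise 'pass'
    and the query would continue to the normal DNS server.
    """
    fqdn = normalise(qname)
    for suffix, action in entries:
        if fqdn.endswith(suffix):
            return action, "Dropped: %s from %s" % (qname, client_ip)
    return "pass", None


def run(queries, entries):
    """Apply decide() to (qname, client_ip) pairs and return the actions."""
    return [decide(q, ip, entries)[0] for q, ip in queries]


if __name__ == "__main__":
    entries = parse_class_list(CL_DNS)
    # Constructed sample queries; 192.0.2.0/24 is documentation address space.
    sample = [
        ("www.example.tld", "192.0.2.10"),     # blocked: subdomain
        ("example.tld", "192.0.2.11"),         # blocked: the zone apex itself
        ("notexample.tld", "192.0.2.12"),      # allowed: only a substring match
        ("example.tld.attacker.test", "192.0.2.13"),  # allowed: suffix differs
        (".", "192.0.2.14"),                   # allowed: root query
    ]
    for q, ip in sample:
        print("%-28s %s" % (q, decide(q, ip, entries)))
```

Note how the two "allowed" cases differ: `notexample.tld` shows why the dot is prefixed, and `example.tld.attacker.test` shows that a suffix list blocks only names under the listed zone, not names that merely contain it.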

Comments

  • edited February 2014
    Cool idea!

    You could expand it into a mini-DNS server like this:

    when RULE_INIT {
        set ::DEBUG 2 ;# 0 = Off, 1 = Error only, 2 = Detailed
        set ::dns_cl dns_zone_file ;# Zone filename (A10 class-list on the AX unit)
    }

    when DNS_REQUEST {
        set name [DNS::question name]
        set type [DNS::question type]
        # Class-list keys are "TYPE#name", e.g. A#www.example.com
        set index "$type#$name"
        if {[CLASS::match $index equals $::dns_cl]} {
            # The class-list value is the record data (address, target name or text)
            set value [CLASS::match $index equals $::dns_cl value]
            if {$::DEBUG > 1} {log "DNS_Server: Received: DNS $type Query for $name Returned: $value"}
            # Build the answer RR with a 30 second TTL and reply directly
            set rr1 [DNS::rr $name 30 IN $type $value]
            DNS::header qr 1
            DNS::header ra 1
            DNS::answer insert $rr1
            DNS::return
        }
        # No entry: the query continues to the normal DNS server
    }

    ###################
    #Assumptions: All IN queries
    #
    #show class-list dns_zone_file
    #Name: dns_zone_file
    #Total String: 4
    #Content:
    # str A#www.example.com 10.1.1.1
    # str A#fart.example.com 10.1.1.2
    # str CNAME#old.example.com new.example.com
    # str TXT#www.example.com All this text will be used as the response to a TXT query. No quotes needed.
  • mischamischa Member
    edited February 2014
    Nice one Busey!
    I was hoping you would post it. :)
  • mischamischa Member
    edited February 2014
    File attached.