Block DNS queries with class-list
Use this when you want to reject or drop DNS queries for certain domains.
The class-list:
class-list cl-dns string
str .example.tld drop
str .example2.tld drop
!
The aFleX:
when DNS_REQUEST {
    # Prefix the queried name with a dot so that "ends_with .example.tld" matches
    # the apex (example.tld) and every subdomain, but never a lookalike such as
    # notexample.tld. The root query "." is left unchanged; fqdn is always set,
    # so the CLASS::match below cannot fail on an undefined variable.
    if { [DNS::question name] equals "." } {
        set fqdn "."
    } else {
        set fqdn ".[DNS::question name]"
    }
    if { [CLASS::match $fqdn ends_with cl-dns] } {
        drop
        log local0.INFO "Dropped: [DNS::question name] from [IP::client_addr]"
    }
}
Comments
You could expand it into a mini-DNS server like this:
when RULE_INIT {
    set ::DEBUG 2 ;#0= Off, 1= Error only, 2= Detailed
    set ::dns_cl dns_zone_file ;#Zone Filename (A10 Class-List on AX unit)
}
when DNS_REQUEST {
    set name [DNS::question name]
    set type [DNS::question type]
    # Class-list key is "TYPE#name", e.g. A#www.example.com
    set index "$type#$name"
    if {[CLASS::match $index equals $::dns_cl]} {
        if {$::DEBUG > 1} {log "DNS_Server: Received: DNS $type Query for $name Returned: [CLASS::match $index equals $::dns_cl value]"}
        # Build a 30-second IN record from the class-list value and answer directly
        set rr1 [DNS::rr $name 30 IN $type [CLASS::match $index equals $::dns_cl value]]
        DNS::header qr 1
        DNS::header ra 1
        DNS::answer insert $rr1
        DNS::return
    }
}
###################
#Assumptions: All IN queries
#
#show class-list dns_zone_file
#Name: dns_zone_file
#Total String: 4
#Content:
# str A#www.example.com 10.1.1.1
# str A#fart.example.com 10.1.1.2
# str CNAME#old.example.com new.example.com
# str TXT#www.example.com All this text will be used as the response to a TXT query. No quotes needed.
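As an added example (not part of the original post, the comment above, or A10's aFleX code), the following Python models the matching semantics of both rules on this page: the dot-prefixed ends_with drop rule from the post and the "TYPE#name" zone lookup from the mini-DNS comment. The class-list contents are constructed from the entries shown on the page; the lower-case/trailing-dot normalisation and the approximation of CLASS::match with plain string tests are assumptions of this model, not documented aFleX behaviour, so check how the real CLASS::match treats mixed-case names before relying on the suffix list.

```python
# Added example: an offline Python model of the two aFleX rules on this page.
# It is not A10 code; CLASS::match is approximated with plain string tests.

# Constructed content of class-list "cl-dns" (leading-dot suffixes, action drop)
CL_DNS = [".example.tld", ".example2.tld"]

# Constructed content of class-list "dns_zone_file": "TYPE#name" -> rdata
DNS_ZONE_FILE = {
    "A#www.example.com": "10.1.1.1",
    "CNAME#old.example.com": "new.example.com",
    "TXT#www.example.com": "All this text will be used as the response to a TXT query. No quotes needed.",
}


def normalize_qname(qname):
    """Lower-case the name and drop a trailing dot (assumption of this model:
    DNS names compare case-insensitively, so a mixed-case query must not slip
    past a suffix list written in lower case). The root "." stays "."."""
    if qname in (".", ""):
        return "."
    return qname.lower().rstrip(".")


def should_drop(qname):
    """Model of the DNS_REQUEST drop rule: prefix a dot, then suffix-match.
    The dot makes the apex (example.tld) match ".example.tld" while a
    lookalike such as notexample.tld does not."""
    name = normalize_qname(qname)
    fqdn = "." if name == "." else "." + name
    return any(fqdn.endswith(suffix) for suffix in CL_DNS)


def mini_dns(qtype, qname):
    """Model of the mini-DNS comment: look up TYPE#name, build one RR or None."""
    name = normalize_qname(qname)
    rdata = DNS_ZONE_FILE.get(f"{qtype.upper()}#{name}")
    if rdata is None:
        return None  # no match: the rule does not answer and the query goes on
    return {
        "qr": 1, "ra": 1,  # header bits the aFleX sets before DNS::return
        "name": name, "ttl": 30, "class": "IN", "type": qtype.upper(), "rdata": rdata,
    }


def handle_query(qtype, qname):
    """Drop rule first, then the zone lookup, mirroring the order in which a
    deployment would chain the two rules. Returns "drop", an answer dict,
    or "forward" (query continues to the real DNS server)."""
    if should_drop(qname):
        return "drop"
    answer = mini_dns(qtype, qname)
    return answer if answer is not None else "forward"


if __name__ == "__main__":
    # Constructed sample queries covering apex, subdomain, mixed case,
    # lookalike, root, and zone hits/misses
    for qtype, qname in [("A", "www.example.tld"), ("A", "example.tld"),
                         ("A", "WWW.Example.TLD."), ("A", "notexample.tld"),
                         ("NS", "."), ("A", "www.example.com"),
                         ("TXT", "www.example.com"), ("A", "nope.example.com")]:
        print(f"{qtype:5} {qname:20} -> {handle_query(qtype, qname)}")
```

Running the block prints one line per constructed query; the apex and mixed-case names are dropped because of the dot prefix and normalisation, the lookalike and root queries pass through, and only the names present in the zone list get a synthesised answer.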
I was hoping you would post it.