When you want to reject or drop queries to a certain domain.

The class-list:

class-list cl-dns string
  str .example.tld drop
  str .example2.tld drop
!

The aFleX:

when DNS_REQUEST {
  if {!([DNS::question name] equals ".")} {
    ;# Leading dot lets the zone apex (example.tld) match ".example.tld" too
    set fqdn .[DNS::question name]
  } else {
    ;# Root query: set fqdn anyway so the CLASS::match below never reads an unset variable
    set fqdn "."
  }
  if { [CLASS::match $fqdn ends_with cl-dns] } {
    drop
    log local0.INFO "Dropped: [DNS::question name] from [IP::client_addr]"
  }
}
Cool idea!
You could expand it into a mini-DNS server like this:
when RULE_INIT {
  set ::DEBUG 2                ;# 0 = Off, 1 = Error only, 2 = Detailed
  set ::dns_cl dns_zone_file   ;# Zone filename (A10 class-list on the AX unit)
}
when DNS_REQUEST {
  set name [DNS::question name]
  set type [DNS::question type]
  ;# Class-list key is "TYPE#name", e.g. A#www.example.com
  set index "$type#$name"
  if {[CLASS::match $index equals $::dns_cl]} {
    if {$::DEBUG > 1} {
      log "DNS_Server: Received: DNS $type Query for $name Returned: [CLASS::match $index equals $::dns_cl value]"
    }
    ;# Build one resource record (TTL 30, class IN) from the class-list value
    set rr1 [DNS::rr $name 30 IN $type [CLASS::match $index equals $::dns_cl value]]
    DNS::header qr 1
    DNS::header ra 1
    DNS::answer insert $rr1
    DNS::return
  }
}
###################
# Assumptions: All IN queries
#
# show class-list dns_zone_file
# Name: dns_zone_file
# Total String: 4
# Content:
#   str A#www.example.com 10.1.1.1
#   str A#fart.example.com 10.1.1.2
#   str CNAME#old.example.com new.example.com
#   str TXT#www.example.com All this text will be used as the response to a TXT query. No quotes needed.
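The two rules above are easiest to reason about side by side, so here is a Python model of their decision logic (an added example, not A10 code and not from either poster): it parses class-list text in the "str KEY VALUE" layout shown in this thread, applies the suffix blocklist from the first rule (including the leading-dot trick that makes the zone apex match), and then looks up "TYPE#name" in the zone class-list the way the mini-DNS rule does. The class-list contents are constructed from the thread; the lower-casing of names and the "forward" outcome for unmatched queries are assumptions the aFleX snippets do not spell out.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed class-list text, in the "show class-list" layout used in the thread.
BLOCKLIST_TEXT = """
str .example.tld drop
str .example2.tld drop
"""

ZONE_TEXT = """
str A#www.example.com 10.1.1.1
str A#fart.example.com 10.1.1.2
str CNAME#old.example.com new.example.com
str TXT#www.example.com All this text will be used as the response to a TXT query. No quotes needed.
"""


def parse_class_list(text: str) -> dict:
    """Parse 'str KEY VALUE...' lines into {key: value}.

    The value keeps embedded spaces, which is what lets the TXT entry
    carry a whole sentence without quoting.
    """
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0] != "str":
            continue
        entries[parts[1].lower()] = parts[2]
    return entries


BLOCKLIST = parse_class_list(BLOCKLIST_TEXT)
ZONE = parse_class_list(ZONE_TEXT)


def normalise(qname: str) -> str:
    """DNS names are case-insensitive; strip a trailing dot and lower-case (assumption)."""
    return qname.rstrip(".").lower() or "."


def blocked_suffix(qname: str, blocklist: dict = BLOCKLIST) -> Optional[str]:
    """Mirror of the first aFleX rule: 'ends_with' on a dot-prefixed name.

    Prefixing the dot means the apex 'example.tld' matches '.example.tld',
    while 'notexample.tld' (a different zone) does not.
    """
    name = normalise(qname)
    fqdn = "." if name == "." else "." + name
    for suffix, action in blocklist.items():
        if action == "drop" and fqdn.endswith(suffix):
            return suffix
    return None


@dataclass
class Decision:
    action: str                      # "drop", "answer" or "forward"
    rr: Optional[Tuple] = None       # (name, ttl, class, type, rdata) when answering


def handle_query(qname: str, qtype: str, blocklist: dict = BLOCKLIST,
                 zone: dict = ZONE, ttl: int = 30) -> Decision:
    """Blocklist first (drop), then zone class-list (answer), else forward."""
    if blocked_suffix(qname, blocklist):
        return Decision("drop")
    name = normalise(qname)
    index = f"{qtype}#{name}".lower()      # same "TYPE#name" key as the aFleX rule
    rdata = zone.get(index)
    if rdata is None:
        return Decision("forward")          # no local record: let the real server answer
    return Decision("answer", (name, ttl, "IN", qtype.upper(), rdata))


if __name__ == "__main__":
    for q in [("www.example.tld", "A"), ("example.tld", "A"), ("notexample.tld", "A"),
              ("WWW.Example.COM.", "a"), ("old.example.com", "CNAME"),
              ("www.example.com", "TXT"), ("www.example.com", "AAAA")]:
        print(q, "->", handle_query(*q))
```

Two things the model makes visible that are easy to miss in the aFleX: the blocklist key must start with a dot for the apex trick to work (a bare "example.tld" entry would also match "notexample.tld"), and a silent `drop` leaves the client waiting for a timeout and retrying, so if you have a choice, returning an explicit error response is friendlier to resolvers than dropping.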
Nice one Busey!
I was hoping you would post it.
File attached.