Last active
January 26, 2021 18:20
-
-
Save f5-rahm/24ce70dcd7c2f26125f2c4da2db2412c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##################################################### | |
### Required net resolver - example configuration ### | |
##################################################### | |
#net dns-resolver r1 { | |
# forward-zones { | |
# . { | |
# nameservers { | |
# 8.8.8.8:domain { } | |
# 9.9.9.9:domain { } | |
# } | |
# } | |
# } | |
# route-domain 0 | |
#} | |
# Proc to reverse the octets for ipv4 PTR records | |
proc resolv_ptr_v4 { addr_v4 } { | |
if { ([scan $addr_v4 {%d.%d.%d.%d} a b c d] != 4) || | |
([llength [split $addr_v4 .]] != 4) } { | |
return | |
} else { return "$d.$c.$b.$a.in-addr.arpa" } | |
} | |
# Proc to make resolver::name_lookup queries | |
proc resolv_look_up { net_resolver qtype qquestion } { | |
if { $qtype eq "ptr" } { | |
set qquestion [call resolv_ptr_v4 $qquestion] | |
} | |
set result [RESOLVER::name_lookup $net_resolver $qquestion $qtype] | |
set summary [RESOLVER::summarize $result] | |
if { [lindex $summary 0] eq "" } { | |
# log local0.warn "DNS $qtype lookup for $qquestion failed." | |
return | |
} | |
return $summary | |
} | |
# Example Code on How to use the procs | |
when RULE_INIT { | |
set static::enable_test 1 | |
} | |
when CLIENT_ACCEPTED { | |
if { $static::enable_test } { | |
array set records { | |
a f5.com | |
aaaa f5.com | |
txt f5.com | |
mx f5.com | |
ptr 52.84.127.127 | |
srv _sip._tcp.cisco.com | |
naptr 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa | |
} | |
foreach {type question} [array get records] { | |
set answers [call resolv_look_up "/Common/r1" $type $question] | |
foreach answer $answers { | |
if { $type eq "naptr" } { | |
log local0. "Query type: $type, Question: $question, Answer: [lindex $answer end-1]" | |
} else { log local0. "Query type: $type, Question: $question, Answer: [lindex $answer end]" } | |
} | |
} | |
} | |
} | |
# Results from the Example Code Tests | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: adobe-idp-site-verification=9af818c65525c17f45bb3b16b01b1292a6deed65c3f1f2b5815dc825f9dd58c1 | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: atlassian-domain-verification=Iv/Cm1UielF25k9FOYOH+QWS9iqMJUFKzUNVB9RqH3uwzIEPziCRKryf2/dKbws8 | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: atlassian-domain-verification=vacpcyC/mEYqNKgdRfXCnjfcEHfR7/VGHSQc+Lk2RRMIm1iwdPcg4M/mX0OFNjuQ | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: include:spf.protection.outlook.com include:mktomail.com include:_spf.salesforce.com mx:res.cisco.com -all | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: MS=ms50853128 | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: status-page-domain-verification=y2kv019j5p4h | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: docusign=a0f80b2b-cad3-42fb-bec6-e6abf458700f | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: smartsheet-site-validation=ViznRSiRmJJYL_bUbM12TuSMi223D6i0 | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: onetrust-domain-verification=305089a3e57b4f8087cf72e441a0c2c7 | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: google-site-verification=cNGL-u4aLQubC64AY7ijWgQfdQP37Uc0iNF0L9CU-6Q | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: google-site-verification=o76ulVr4EPgPrnnF_bbHT1OL-9awsJWyZ9fkXHOL_Ks | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: fMFGA8zBN+lVQqxj+YGyWWcvpHgrN4XPx+uza773MdSgmj/mSZG5/nklDhxRRn7sBqEX0f7BTrEFl8Ih95BELw== | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: Dynatrace-site-verification=14970c01-b9a2-4fb0-baa4-3e55421d6198__hjigvhh8rdsjed6p5bbig75qiu | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: aaaa, Question: f5.com, Answer: 2604:e180:1047::ffff:6ba2:b09a | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: naptr, Question: 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa, Answer: !^\+441865332(.*)$!sip:\1@nominet.org.uk! | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: naptr, Question: 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa, Answer: !^(.*)$!tel:\1! | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: mx, Question: f5.com, Answer: mail13.f5.com | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: mx, Question: f5.com, Answer: mail15.f5.com | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: a, Question: f5.com, Answer: 107.162.162.40 | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: ptr, Question: 52.84.127.127, Answer: server-52-84-127-127.ord53.r.cloudfront.net | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw104.cisco.com | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw101.cisco.com | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw103.cisco.com | |
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw102.cisco.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment