f5-rahm/resolver_name_lookup_proc.tcl

## resolver_name_lookup_proc.tcl
#####################################################
### Required net resolver - example configuration ###
#####################################################

#net dns-resolver r1 {
#    forward-zones {
#        . {
#            nameservers {
#                8.8.8.8:domain { }
#                9.9.9.9:domain { }
#            }
#        }
#    }
#    route-domain 0
#}

# Proc to reverse the octets for ipv4 PTR records
proc resolv_ptr_v4 { addr_v4 } {
  if { ([scan $addr_v4 {%d.%d.%d.%d} a b c d] != 4) ||
       ([llength [split $addr_v4 .]] != 4) } {
    return
  } else { return "$d.$c.$b.$a.in-addr.arpa" }
}

# Proc to make resolver::name_lookup queries
proc resolv_look_up { net_resolver qtype qquestion } {
  if { $qtype eq "ptr" } {
    set qquestion [call resolv_ptr_v4 $qquestion]
  }
  set result [RESOLVER::name_lookup $net_resolver $qquestion $qtype]
  set summary [RESOLVER::summarize $result]
  if { [lindex $summary 0] eq "" } {
    # log local0.warn "DNS $qtype lookup for $qquestion failed."
    return
  }
  return $summary
}

# Example Code on How to use the procs
when RULE_INIT {
  set static::enable_test 1
}
when CLIENT_ACCEPTED {
  if { $static::enable_test } {
    array set records {
      a f5.com
      aaaa f5.com
      txt f5.com
      mx f5.com
      ptr 52.84.127.127
      srv _sip._tcp.cisco.com
      naptr 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa
    }
    foreach {type question} [array get records] {
      set answers [call resolv_look_up "/Common/r1" $type $question]
      foreach answer $answers {
        if { $type eq "naptr" } {
          log local0. "Query type: $type, Question: $question, Answer: [lindex $answer end-1]"
        } else { log local0. "Query type: $type, Question: $question, Answer: [lindex $answer end]" }
      }
    }
  }
}

# Results from the Example Code Tests
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: adobe-idp-site-verification=9af818c65525c17f45bb3b16b01b1292a6deed65c3f1f2b5815dc825f9dd58c1
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: atlassian-domain-verification=Iv/Cm1UielF25k9FOYOH+QWS9iqMJUFKzUNVB9RqH3uwzIEPziCRKryf2/dKbws8
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: atlassian-domain-verification=vacpcyC/mEYqNKgdRfXCnjfcEHfR7/VGHSQc+Lk2RRMIm1iwdPcg4M/mX0OFNjuQ
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: include:spf.protection.outlook.com include:mktomail.com include:_spf.salesforce.com mx:res.cisco.com -all
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: MS=ms50853128
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: status-page-domain-verification=y2kv019j5p4h
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: docusign=a0f80b2b-cad3-42fb-bec6-e6abf458700f
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: smartsheet-site-validation=ViznRSiRmJJYL_bUbM12TuSMi223D6i0
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: onetrust-domain-verification=305089a3e57b4f8087cf72e441a0c2c7
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: google-site-verification=cNGL-u4aLQubC64AY7ijWgQfdQP37Uc0iNF0L9CU-6Q
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: google-site-verification=o76ulVr4EPgPrnnF_bbHT1OL-9awsJWyZ9fkXHOL_Ks
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: fMFGA8zBN+lVQqxj+YGyWWcvpHgrN4XPx+uza773MdSgmj/mSZG5/nklDhxRRn7sBqEX0f7BTrEFl8Ih95BELw==
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: Dynatrace-site-verification=14970c01-b9a2-4fb0-baa4-3e55421d6198__hjigvhh8rdsjed6p5bbig75qiu
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: aaaa, Question: f5.com, Answer: 2604:e180:1047::ffff:6ba2:b09a
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: naptr, Question: 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa, Answer: !^\+441865332(.*)$!sip:\1@nominet.org.uk!
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: naptr, Question: 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa, Answer: !^(.*)$!tel:\1!
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: mx, Question: f5.com, Answer: mail13.f5.com
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: mx, Question: f5.com, Answer: mail15.f5.com
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: a, Question: f5.com, Answer: 107.162.162.40
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: ptr, Question: 52.84.127.127, Answer: server-52-84-127-127.ord53.r.cloudfront.net
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw104.cisco.com
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw101.cisco.com
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw103.cisco.com
Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw102.cisco.com
	#####################################################
	### Required net resolver - example configuration ###
	#####################################################

	#net dns-resolver r1 {
	# forward-zones {
	# . {
	# nameservers {
	# 8.8.8.8:domain { }
	# 9.9.9.9:domain { }
	# }
	# }
	# }
	# route-domain 0
	#}

	# Proc to reverse the octets for ipv4 PTR records
	proc resolv_ptr_v4 { addr_v4 } {
	if { ([scan $addr_v4 {%d.%d.%d.%d} a b c d] != 4) \|\|
	([llength [split $addr_v4 .]] != 4) } {
	return
	} else { return "$d.$c.$b.$a.in-addr.arpa" }
	}

	# Proc to make resolver::name_lookup queries
	proc resolv_look_up { net_resolver qtype qquestion } {
	if { $qtype eq "ptr" } {
	set qquestion [call resolv_ptr_v4 $qquestion]
	}
	set result [RESOLVER::name_lookup $net_resolver $qquestion $qtype]
	set summary [RESOLVER::summarize $result]
	if { [lindex $summary 0] eq "" } {
	# log local0.warn "DNS $qtype lookup for $qquestion failed."
	return
	}
	return $summary
	}

	# Example Code on How to use the procs
	when RULE_INIT {
	set static::enable_test 1
	}
	when CLIENT_ACCEPTED {
	if { $static::enable_test } {
	array set records {
	a f5.com
	aaaa f5.com
	txt f5.com
	mx f5.com
	ptr 52.84.127.127
	srv _sip._tcp.cisco.com
	naptr 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa
	}
	foreach {type question} [array get records] {
	set answers [call resolv_look_up "/Common/r1" $type $question]
	foreach answer $answers {
	if { $type eq "naptr" } {
	log local0. "Query type: $type, Question: $question, Answer: [lindex $answer end-1]"
	} else { log local0. "Query type: $type, Question: $question, Answer: [lindex $answer end]" }
	}
	}
	}
	}

	# Results from the Example Code Tests
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: adobe-idp-site-verification=9af818c65525c17f45bb3b16b01b1292a6deed65c3f1f2b5815dc825f9dd58c1
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: atlassian-domain-verification=Iv/Cm1UielF25k9FOYOH+QWS9iqMJUFKzUNVB9RqH3uwzIEPziCRKryf2/dKbws8
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: atlassian-domain-verification=vacpcyC/mEYqNKgdRfXCnjfcEHfR7/VGHSQc+Lk2RRMIm1iwdPcg4M/mX0OFNjuQ
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: include:spf.protection.outlook.com include:mktomail.com include:_spf.salesforce.com mx:res.cisco.com -all
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: MS=ms50853128
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: status-page-domain-verification=y2kv019j5p4h
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: docusign=a0f80b2b-cad3-42fb-bec6-e6abf458700f
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: smartsheet-site-validation=ViznRSiRmJJYL_bUbM12TuSMi223D6i0
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: onetrust-domain-verification=305089a3e57b4f8087cf72e441a0c2c7
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: google-site-verification=cNGL-u4aLQubC64AY7ijWgQfdQP37Uc0iNF0L9CU-6Q
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: google-site-verification=o76ulVr4EPgPrnnF_bbHT1OL-9awsJWyZ9fkXHOL_Ks
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: fMFGA8zBN+lVQqxj+YGyWWcvpHgrN4XPx+uza773MdSgmj/mSZG5/nklDhxRRn7sBqEX0f7BTrEFl8Ih95BELw==
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: txt, Question: f5.com, Answer: Dynatrace-site-verification=14970c01-b9a2-4fb0-baa4-3e55421d6198__hjigvhh8rdsjed6p5bbig75qiu
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: aaaa, Question: f5.com, Answer: 2604:e180:1047::ffff:6ba2:b09a
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: naptr, Question: 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa, Answer: !^\+441865332(.*)$!sip:\1@nominet.org.uk!
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: naptr, Question: 4.4.2.2.3.3.5.6.8.1.4.4.e164.arpa, Answer: !^(.*)$!tel:\1!
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: mx, Question: f5.com, Answer: mail13.f5.com
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: mx, Question: f5.com, Answer: mail15.f5.com
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: a, Question: f5.com, Answer: 107.162.162.40
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: ptr, Question: 52.84.127.127, Answer: server-52-84-127-127.ord53.r.cloudfront.net
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw104.cisco.com
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw101.cisco.com
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw103.cisco.com
	Jan 26 11:19:33 ltm3 info tmm1[13417]: Rule /Common/resolver_demo_2 <CLIENT_ACCEPTED>: Query type: srv, Question: _sip._tcp.cisco.com, Answer: vcsgw102.cisco.com