-
AppExpert Applications and Templates
-
Configure application authentication, authorization, and auditing
-
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
-
-
Rewrite Action and Policy Examples
-
DNS Support for the Rewrite Feature
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
DNS Support for the Rewrite Feature
You can configure the rewrite feature to modify DNS requests and responses, as you would for HTTP or TCP requests and responses. You can use rewrite to manage the flow of DNS requests, and make necessary modifications in the header, or in the answer section. For example, if the DNS response does not have the AA bit set in the header flag, you can use rewrite to set the AA bit in the DNS response and send it to the client.
DNS Expressions
In a rewrite configuration, you can use the following Citrix ADC expressions to refer to various portions of a DNS request or response:
See Expressions and Descriptions
DNS Bind Points
The following global bind points are available for policies that contain DNS expressions.
Bind Points | Description |
---|---|
DNS_REQ_OVERRIDE | Override request policy queue. |
DNS_REQ_DEFAULT | Standard request policy queue. |
DNS_RES_OVERRIDE | Override response policy queue. |
DNS_RES_DEFAULT | Standard response policy queue. |
In addition to the default bind points, you can create policy labels of type DNS_REQ or DNS_RES and bind DNS policies to them.
Rewrite Action Types for DNS
- replace_dns_answer_section—This action replaces the DNS answers section with the defined expression in the DNS policy.
- replace_dns_header_field—Checks the opcode type in the DNS request. Returns True or False, indicating whether the opcode type in the DNS request matches the specified opcode type. This action replaces the DNS header section with the defined expression in the DNS policy.
Configuring Rewrite Policies for DNS
The following procedure uses the Citrix ADC command line to configure a rewrite action and policy and bind the policy to a rewrite-specific global bind point.
Configure Rewrite action and policy, and bind the policy for DNS
At the command prompt, type the following commands:
-
add rewrite action <actName> <actType>
For <actname>, substitute a name for your new action. The name can be 1 to 127 characters in length, and can contain letters, numbers, hyphen (-), and underscore (_) symbols. For <actType>, specify the rewrite action types provided for DNS expressions.
-
add rewrite policy <polName> <rule> <actName>
For <polname>, substitute a name for your new policy. For <actname>, the name can be 1 to 127 characters in length, and can contain letters, numbers, hyphen (-), and underscore (_) symbols. For <actname>, substitute the name of the action that you just created.
-
bind rewrite global <polName> <priority> < gotoPriorityExpression> -type <bindPoint>
For <polName>, substitute the name of the policy that you just created. For <priority>, specify the priority of the policy. For <bindPoint>, substitute one of the rewrite -specific global bind points.
Example:
Set the AA bit of DNS request to load balance virtual server.
The following commands configure the Citrix ADC appliance to act as an authoritative DNS server for all the queries that it serves.
add rewrite action set_aa replace_dns_header_field dns.req.header.flags.set(aa)
add rewrite policy pol !dns.req.header.flags.is_set(aa) set_aa
bind rewrite global pol 100 -type dns_res_override
<!--NeedCopy-->
Modify the response answer and header section.
If the server responds with an NX domain, you can set the rewrite action to replace the response with specified IP address. A NOPOLICY-REWRITE enables you to invoke an enternal bank without processing an expression (a rule). This entry is a dummy policy that does not contain a rule but directs the entry to a policy label or virtual server specific policy banks.
add rewrite action set_aa_res replace_dns_header_field "dns.res.header.flags.set(aa)"
add rewrite action modify_nxdomain_res replace_dns_answer_section "dns.new_rrset_a(\"10.102.218.160\",300)"
add rewrite policy set_res_aa true set_aa_res
add add rewrite policy modify_answer "dns.RES.HEADER.RCODE.EQ(nxdomain) && dns.RES.QUESTION.TYPE.EQ(A)"
modify_nxdomain_res
add rewrite policylabel MODIFY_NODATA dns_res
bind rewrite policylabel MODIFY_NODATA modify_answer 10 END
bind rewrite policylabel MODIFY_NODATA set_res_aa 11 END
bind lb vserver v1 -policyName NOPOLICY-REWRITE -priority 11 -gotoPriorityExpression END -type
RESPONSE -invoke policylabel MODIFY_NODATA
<!--NeedCopy-->
Limitations:
- Rewrite policies are evaluated only if the Citrix ADC appliance is configured as a DNS proxy server and there is a cache miss.
- If the Recursion Available (RA) flag in the header is set to YES, the RA flag will not be modified in the rewrites.
- If the RA flag in the header is set to YES, the CD flag in the header is modified regardless of any rewrite action.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.