DNS iRules: Protect Yourself From "ANY" Amplification Attacks
This is the latest in a series of DNS articles that I've been writing over the past couple of months. I started out writing about the basics of DNS and then dug into some cool DNS features on the BIG-IP. But I wanted to spend a little time on some iRule fun as well. So this article will highlight one of the many different DNS iRules out here on DevCentral. This iRule protects you from one of the popular DNS DDoS attacks (DNS Amplification Attack).
Simply stated, a DNS amplification attack takes advantage of features that allow a very small request to return a much larger response. These attacks also rely on the fact that the attacker can request these large responses on behalf of someone else (the victim). More specifically, DNS amplification attacks are a popular type of a Distributed Denial of Service (DDoS) attack in which attackers use publically accessible open DNS resolvers to flood a target system with DNS response traffic.
DNS resolvers retrieve information from authoritative servers and return answers to end-user applications. A DNS resolver that is configured correctly will only respond for the hosts in its domain. For example, if your company has IP space 1.1.1.0 - 1.1.1.255, then your DNS resolver should not respond if a requests comes from IP address 2.2.2.2. The problem with open DNS resolvers is that they will respond to recursive queries from outside hosts. This creates some very interesting opportunities for cyber attackers.
The following diagrams outline two different scenarios: one is a DNS resolver that has been correctly configured and the other is an open DNS resolver.
I did a little research and found one website that lists over 20 million open DNS resolvers on the Internet (this number changes all the time). So what's the big deal, you say? Well, here are a few reasons that open DNS resolvers are a bad thing:
They allow outsiders to consume resources that do not belong to them
Attackers may be able to poison their cache
They are used in widespread DDoS attacks with spoofed source addresses and large DNS responses (amplification attacks)
Using one of those open DNS resolvers, I sent a simple request for isc.org records using the dig tool. You can see from the details below that I got a 3680-byte response; the request was 64 bytes (a 57x amplifier). I also tried the same request using a properly configured DNS resolver and I got a timeout response saying no servers could be reached (the correct and expected response).
C:\dig ANY isc.org @x.x.x.x
; <<>> DiG 9.8.6-P1 <<>> ANY isc.org @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10156
;; flags: qr rd ra; QUERY: 1, ANSWER: 30, AUTHORITY: 4, ADDITIONAL: 14
;; QUESTION SECTION:
;isc.org. IN ANY
;; ANSWER SECTION:
isc.org. 7200 IN RRSIG SOA 5 2 7200 20140815213213 20140716213213 4521 isc.org. HYVeuPKnCx/5kVzThEObGqTC4Pit00hAGEVS7FkHKGO15/WADV05Ipre +e5dpEYpfbcH5DMGeFsIEKQ0snsiXeAFYchcQYeKtR/zOeKOdOQVmFtP 985a9jRSvFXCtFyaC9mH5WY9r2teKhil6MaEAwrHaDOZvXj0siDZZP5j K4s=
isc.org. 59 IN A 149.20.64.69
isc.org. 60 IN RRSIG A 5 2 60 20140815213213 20140716213213 4521 isc.org. OgEvyaQ6VycKAtm4K7xHycQl22ZSiaySkXCxWdYgWU+0C96F7KvH1Nay auHTpvPFvmwsdz1ijJwKn1ZsdiUbNPCGJ58V/xVyMcE71+4e+vHD8HrU 7ktt/X7bQh14dm/MqzQAQJH4LLarfCKTlBzX0xCkDhOoqLw9ZuUW54I7 uww=
isc.org. 7200 IN MX 10 mx.ams1.isc.org.
isc.org. 7200 IN MX 10 mx.pao1.isc.org.
isc.org. 7200 IN RRSIG MX 5 2 7200 20140815213213 20140716213213 4521 isc.org. NtAd/mQnrku1jf9dA84Mk366nqdADF1+HnFDg1+Rl+cNb88oIBEcBcCW SttIybIe+65ganybbYDCLV8TcovCx6o/SWZMXuXmnjy5cYey6a6uAz3x uUVfr4g1RMo6OsbnJ9GfF5NDWHxKFcToOI3scHMj9fxwK19sy17uPlSn wos=
isc.org. 7200 IN TXT "$Id: isc.org,v 1.1906 2014-07-16 22:31:39 dmahoney Exp $"
isc.org. 7200 IN TXT "v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all"
isc.org. 7200 IN RRSIG TXT 5 2 7200 20140815213213 20140716213213 4521 isc.org. p2DfhLN/QATV2tE7ocHVFlQvGuomk1X9ktiatir17JWiP27349zBp7qf uHM4NJjYAsxXGQdSTLnI60we8JziiRe9czcBNWmO9mRzSNEUvGFJ1ZKr r9d6RyyMq82z468IQH7IPlsM41YAbyJIdXppU0MzHkL3Z1tdRnEH0d6z XGw=
isc.org. 59 IN AAAA 2001:4f8:0:2::69
isc.org. 60 IN RRSIG AAAA 5 2 60 20140815213213 20140716213213 4521 isc.org. Zqu51yF2GkLf4NPVRMyUADzXgVksJ/KfvgiWwgMTFKmwjmU6FoAW58PJ XO/A5Zr9gvRz9K3/iyGEhlxoKM+prQhtlykUm/CUtg4tsrOnu3Z9vX7P EK9QJ9ayCw2/LAAgeslpeL9aJIWHEDL6vWrmRz4UaymUNZ9Si1peCjc3 Rik=
isc.org. 7200 IN NAPTR 20 0 "S" "SIP+D2U" "" _sip._udp.isc.org.
isc.org. 7200 IN RRSIG NAPTR 5 2 7200 20140815213213 20140716213213 4521 isc.org. OzJhjUmLdxwtWJoT2T8r5f8189+tb5PK5NovNRBh13WaQgCj+Xevnbt7 Y6FV44KXze3gt54wlCE0jI/5Scj1TY7fsmEYzlhs4omyxhT1P20CmVx9 yi55UevBzkinWurVrQGS2mHh6mvldzR/uGRYNf5stVhX0bREvdRQQEkj c6k=
isc.org. 3600 IN NSEC _adsp._domainkey.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF
isc.org. 3600 IN RRSIG NSEC 5 2 3600 20140815213213 20140716213213 4521 isc.org. jGkMrA76pO0rmNyjKXwVydxQEfdoxho9dIOCjXsLzvB1Q4KJljBQgHOB Qx8E59RrMoZp6dIDd14rH22BBgBXEuK7VIn4FvyR0+HTYToYdVXna8XO 9SVlFipeJe8ch2DyYr8HuYItH7WSHfSfcoG6Z0Iexulqbq4vwxeeXkvk Rh4=
isc.org. 7200 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vS u7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIso vo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7ri PfN7kHLP
isc.org. 7200 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd
isc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20140815210128 20140716210128 4521 isc.org. gMreL9DFjvDFpMVl1Uh1/tPBFOg0rvo060dfEUxJEIlu2Wqsqqz/rv7X 98NgLFo5T4KLbVp8Wloc7sYBHz9OVa1ILV/UYDFFgVCAkLa9yv2XBPkj X6HEGVy1ddx2pcN6K0mKrjs75Z9kvX49c2EEu1ohc6vtLG16Y4mwy114 lWM=
isc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20140815210128 20140716210128 12892 isc.org. Om1S8XzWDaMkne1BL1O77uNBx4VecenGpAaaoiBjnzHz/xHMBylK7mA4 OcH9OwI2NoXQ/EB7qfowkzbwZEF+Ep+VJ3y2fykpDkUGn8iueHw9CEIq m7kPbioANV7CECNT8giB/pHO7na0hAZGnhaYfBkRTw28NitNSdaPa3CFru+JspRLkxeufCNLJkpU6nlCNI0DSfmj6D8sCECNnPUBetWMBlZyfmyd pRE+ZT+5Q2qoUV152pn86MxVPLe5nJc1fEcwi/9XoFaoTtDywdL+GL0f uaWIcZm4QaugYY6Bi532/IAXfqDxaLImoQh/vYj5Q0JRgZTrsQdP0o/n aWKW5w==
isc.org. 7200 IN SPF "v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all"
isc.org. 7200 IN RRSIG SPF 5 2 7200 20140815213213 20140716213213 4521 isc.org. Il7WC6FXFV73qEjXhqiQ2M4IYN3yZngbWmqr/FnDOeQnRTipW5+MVXel M377OezVnnmni1//KQEjeO/iVl03ShcHdhgfslSKlsPc5m2nlVaVB+CB FhNxWwIEdLOL8Yn3ZyW5i1hKqCSUmTD/KiC+xHyTQvs/QwNjmeorZ52i /gs=
isc.org. 7200 IN SOA ns-int.isc.org. hostmaster.isc.org. 2014071601 7200 3600 24796800 3600
isc.org. 7199 IN NS ord.sns-pb.isc.org.
isc.org. 7199 IN NS ns.isc.afilias-nst.info.
isc.org. 7199 IN NS ams.sns-pb.isc.org.
isc.org. 7199 IN NS sfba.sns-pb.isc.org.
isc.org. 7200 IN RRSIG NS 5 2 7200 20140815213213 20140716213213 4521 isc.org. V3ye+DubBygL2Dz7AHMjjC1CrVkWUDnjnZKOsOG/VWDY6tWFVV49OHeV 7HmaB2vAdrE7ZSr6pwffonvY9xRCPHf6QUrcrrc5bYi3QASZGZ2AKwTJ UuwVgSnh/1ZyDkOnSP29UwBYUol+CSas/Z8Oo32bBFLcsEZUWW56xUmC 1eE=
isc.org. 81985 IN RRSIG DS 7 2 86400 20140807155612 20140717145612 21185 org. ZO/Yl9ByYm0NZbL2x7v14pvFknBQJeL7zFRgUocxSRi3v/g/kBTACNTH Fp4dQGgO2JjMkYd2DhvFRmxLYa2+aoASPuNU9lM9TdZ36ptrBkWeNp4l 09BVLhrSW140P7Jkud/nCkn/RtHYonfwp9rs6tJxINIE3KClAMRDn1xr ZmE=
isc.org. 81985 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
isc.org. 81985 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586D E18DA6B5
;; AUTHORITY SECTION:
isc.org. 7199 IN NS sfba.sns-pb.isc.org.
isc.org. 7199 IN NS ord.sns-pb.isc.org.
isc.org. 7199 IN NS ns.isc.afilias-nst.info.
isc.org. 7199 IN NS ams.sns-pb.isc.org.
;; ADDITIONAL SECTION:
mx.ams1.isc.org. 3600 IN A 199.6.1.65
mx.ams1.isc.org. 3600 IN AAAA 2001:500:60::65
mx.pao1.isc.org. 3600 IN A 149.20.64.53
mx.pao1.isc.org. 3600 IN AAAA 2001:4f8:0:2::2b
asterisk.isc.org. 299 IN A 149.20.32.15
ns.isc.afilias-nst.info. 9497 IN A 199.254.63.254
ns.isc.afilias-nst.info. 9497 IN AAAA 2001:500:2c::254
ams.sns-pb.isc.org. 2785 IN A 199.6.1.30
ams.sns-pb.isc.org. 2785 IN AAAA 2001:500:60::30
ord.sns-pb.isc.org. 2785 IN A 199.6.0.30
ord.sns-pb.isc.org. 2785 IN AAAA 2001:500:71::30
sfba.sns-pb.isc.org. 2785 IN A 149.20.64.3
sfba.sns-pb.isc.org. 2785 IN AAAA 2001:4f8:0:2::19
_sip._udp.isc.org. 7200 IN SRV 0 1 5060 asterisk.isc.org.
;; Query time: 748 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Thu Jul 16 14:31:53 Central Daylight Time 2014
;; MSG SIZE rcvd: 3680
One other key piece to this puzzle is that DNS uses the User Datagram Protocol (UDP) to send requests and responses. UDP is a connectionless protocol, so it doesn't care if the recipient of a given response is the intended recipient. An attacker could spoof an IP address and use an open DNS resolver to request a bunch of DNS data and have it sent to the victim's machine. The victim would be like, "why in the world are you sending me all this stuff I didn't ask for?!?" And then the victim would get overwhelmed with DNS data and wouldn't be able to process legitimate traffic.
One specific type of DNS request is the "ANY" request. As you probably know, a DNS server can respond with lots of different record types (you can see several of them in the screenshot above). Some are bigger than others and, ironically for this situation, some of the biggest are the records associated with DNSSEC (which is a suite of extensions that adds security to DNS responses). If you are an attacker and you want to flood a victim's machine with lots of data, it stands to reason that you would request the largest records. Well, there's an "ANY" query that returns all known information about a DNS zone in a single request (I used the "ANY" query in the example above).
Check out the following picture for an example:
Even though a small request can result in a large response, an attacker will need to send lots of these requests in order to really affect the victim. This is where a botnet can be very powerful and effective. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort. As I like to say, "botnets put the "D" in DDoS." Imagine the scenario pictured above with millions of attack machines sending millions of "ANY" requests to millions of open DNS resolvers "on behalf of" only one victim machine. You can see pretty quickly how this distributed attack could overwhelm the victim machine.
It gets hard to prevent these types of attacks because the DNS responses are legitimate data coming from valid servers. In fact, the United States Computer Emergency Readiness Team (US-CERT) says "Unfortunately, due to the massive traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack." Well that's not very encouraging. One thing you could do is simply block the "ANY" query type, but that would also block legitimate ANY queries that are required for certain applications. What other options are there?
The iRule...
Let me introduce you to the flexibility and power of F5's iRules! Now, I'm not saying that this iRule will solve every single problem in your life, but it has certainly proven to be very effective in mitigating these "ANY" amplification attacks. The iRule (technically 2 iRules) utilizes two Virtual Servers: one UDP and one TCP.
The iRule on the UDP VIP checks to see if the query type is "ANY" and, if so, it responds with a truncated message which will force the legitimate client to use TCP (a connection-based protocol that allows the sender to know who the recipient is). This iRule also requires you to create a data group (called "admin_datagroup" in this iRule) that lists the networks that are allowed to do recursive lookups. If the DNS response is not from DNS Express and does not match the admin_datagroup then the response gets dropped. Note that starting in v11, any data groups that are configured in a partition other than /Common must be referenced by /Partition_Name/Data-Group_Name, even by iRules configured in that partition. Data groups referenced only by name are implicitly presumed to be /Common/Data-Group_Name.
The iRule on the TCP VIP simply checks to see if the response is from DNS Express or is a part of the admin_datagroup. If neither is true, the response gets dropped.
# UDP VIP iRule
# This first part checks if the DNS query type is "ANY" and responds with a truncated header
when DNS_REQUEST {
if { [DNS::question type] eq "ANY" } {
DNS::answer clear
DNS::header tc 1
DNS::return
}
}
# This part checks to see if the response packet is built from the first logic (origin = TCL)
# If yes, then exit and do not process further
# If no, then check if the response is from DNS Express...if it is, allow an answer for non "ANY" type
# If not from DNS Express, check to see if it matches the admin_datagroup created for recursive allowed networks
# If it does not match both conditions, then drop
when DNS_RESPONSE {
if { [DNS::origin] eq "TCL" } {
return
} elseif { [DNS::origin] ne "DNSX" } {
if { not [class match [IP::client_addr] eq "admin_datagroup" ] } {
DNS::drop
}
}
}
#TCP VIP iRule
# Simple logic to check and see if the response is from DNS Express or a part of the admin_datagroup
# If not from DNS Express, check to see if it matches the admin_datagroup created for recursive allowed networks
# If it does not match both conditions, then drop
when DNS_RESPONSE {
if { [DNS::origin] ne "DNSX" } {
if { not [class match [IP::client_addr] eq "admin_datagroup" ] } {
DNS::drop
}
}
}
So, that's it! Isn't it cool that you can take a few lines of simple code and mitigate a potentially disastrous DDoS attack against your critical business infrastructure? You gotta love the power and flexibility of DNS iRules. You can read more about DNS iRules on the DNS wiki page on DevCentral. Stay tuned for more exciting articles on DNS in the future!
Published Jul 16, 2014
Version 1.0
No CommentsBe the first to comment
"}},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"board:TechnicalArticles\",\"message:280330\"],\"name\":\"TkbMessagePage\",\"props\":{},\"url\":\"https://community.f5.com\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/QueryHandler\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewStandard\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/ThreadedReplyList\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageReplyCallToAction\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRevision\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRevision-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageAuthorBio\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/guides/GuideBottomNavigation\"]})":[{"__ref":"CachedAsset:text:en_US-components/guides/GuideBottomNavigation-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserRegistrationDate\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserRegistrationDate-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/tags/TagView/TagViewChip\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1728320186000"}]},"CachedAsset:pages-1737544990696":{"__typename":"CachedAsset","id":"pages-1737544990696","value":[{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737544990696,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy","mimeType":"image/png"},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top","entityType":"CATEGORY","shortTitle":"Top"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","description":"F5 SMEs share good practice.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Articles"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Articles"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Technical Articles","isManualSortOrderAvailable":false,"tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"repliesProperties":{"__typename":"RepliesProperties","sortOrder":"PUBLISH_TIME","repliesFormat":"threaded"},"tagProperties":{"__typename":"TagNodeProperties","tagsEnabled":{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"FREEFORM_AND_PRESET"},"Rank:rank:27":{"__typename":"Rank","id":"rank:27","position":2,"name":"Ret. Employee","color":"949494","icon":null,"rankStyle":"OUTLINE"},"User:user:56738":{"__typename":"User","id":"user:56738","uid":56738,"login":"ltwagnon","deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01NjczOC0xNjM3OGk3QkQ0M0UxRDAzRDEzMDg3"},"rank":{"__ref":"Rank:rank:27"},"email":"","messagesCount":505,"biography":null,"topicsCount":265,"kudosReceivedCount":77,"kudosGivenCount":3,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2019-05-15T11:53:25.000-07:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":1},"TkbTopicMessage:message:280330":{"__typename":"TkbTopicMessage","uid":280330,"subject":"DNS iRules: Protect Yourself From \"ANY\" Amplification Attacks","id":"message:280330","revisionNum":1,"repliesCount":0,"author":{"__ref":"User:user:56738"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:280330"},"messagePolicies":{"__typename":"MessagePolicies","canPublishArticleOnEdit":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","args":[]}},"canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":null},"shortScheduledTimezone":null},"readOnly":false,"editFrozen":false,"moderationData":{"__ref":"ModerationData:moderation_data:280330"},"teaser":"","body":"
This is the latest in a series of DNS articles that I've been writing over the past couple of months. I started out writing about the basics of DNS and then dug into some cool DNS features on the BIG-IP. But I wanted to spend a little time on some iRule fun as well. So this article will highlight one of the many different DNS iRules out here on DevCentral. This iRule protects you from one of the popular DNS DDoS attacks (DNS Amplification Attack).
Simply stated, a DNS amplification attack takes advantage of features that allow a very small request to return a much larger response. These attacks also rely on the fact that the attacker can request these large responses on behalf of someone else (the victim). More specifically, DNS amplification attacks are a popular type of a Distributed Denial of Service (DDoS) attack in which attackers use publically accessible open DNS resolvers to flood a target system with DNS response traffic.
\n\n
DNS resolvers retrieve information from authoritative servers and return answers to end-user applications. A DNS resolver that is configured correctly will only respond for the hosts in its domain. For example, if your company has IP space 1.1.1.0 - 1.1.1.255, then your DNS resolver should not respond if a requests comes from IP address 2.2.2.2. The problem with open DNS resolvers is that they will respond to recursive queries from outside hosts. This creates some very interesting opportunities for cyber attackers.
\n\n
The following diagrams outline two different scenarios: one is a DNS resolver that has been correctly configured and the other is an open DNS resolver.
\n\n
\n\n
\n\n
\n\n
\n\n
\n\n
I did a little research and found one website that lists over 20 million open DNS resolvers on the Internet (this number changes all the time). So what's the big deal, you say? Well, here are a few reasons that open DNS resolvers are a bad thing:
\n\n
They allow outsiders to consume resources that do not belong to them
Attackers may be able to poison their cache
They are used in widespread DDoS attacks with spoofed source addresses and large DNS responses (amplification attacks)
\n\n
Using one of those open DNS resolvers, I sent a simple request for isc.org records using the dig tool. You can see from the details below that I got a 3680-byte response; the request was 64 bytes (a 57x amplifier). I also tried the same request using a properly configured DNS resolver and I got a timeout response saying no servers could be reached (the correct and expected response).
\n\n
\n\n
\n C:\\dig ANY isc.org @x.x.x.x \n\n; <<>> DiG 9.8.6-P1 <<>> ANY isc.org @x.x.x.x\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10156\n;; flags: qr rd ra; QUERY: 1, ANSWER: 30, AUTHORITY: 4, ADDITIONAL: 14\n\n;; QUESTION SECTION:\n;isc.org. IN ANY\n\n;; ANSWER SECTION:\nisc.org. 7200 IN RRSIG SOA 5 2 7200 20140815213213 20140716213213 4521 isc.org. HYVeuPKnCx/5kVzThEObGqTC4Pit00hAGEVS7FkHKGO15/WADV05Ipre +e5dpEYpfbcH5DMGeFsIEKQ0snsiXeAFYchcQYeKtR/zOeKOdOQVmFtP 985a9jRSvFXCtFyaC9mH5WY9r2teKhil6MaEAwrHaDOZvXj0siDZZP5j K4s=\nisc.org. 59 IN A 149.20.64.69\nisc.org. 60 IN RRSIG A 5 2 60 20140815213213 20140716213213 4521 isc.org. OgEvyaQ6VycKAtm4K7xHycQl22ZSiaySkXCxWdYgWU+0C96F7KvH1Nay auHTpvPFvmwsdz1ijJwKn1ZsdiUbNPCGJ58V/xVyMcE71+4e+vHD8HrU 7ktt/X7bQh14dm/MqzQAQJH4LLarfCKTlBzX0xCkDhOoqLw9ZuUW54I7 uww=\nisc.org. 7200 IN MX 10 mx.ams1.isc.org.\nisc.org. 7200 IN MX 10 mx.pao1.isc.org.\nisc.org. 7200 IN RRSIG MX 5 2 7200 20140815213213 20140716213213 4521 isc.org. NtAd/mQnrku1jf9dA84Mk366nqdADF1+HnFDg1+Rl+cNb88oIBEcBcCW SttIybIe+65ganybbYDCLV8TcovCx6o/SWZMXuXmnjy5cYey6a6uAz3x uUVfr4g1RMo6OsbnJ9GfF5NDWHxKFcToOI3scHMj9fxwK19sy17uPlSn wos=\nisc.org. 7200 IN TXT \"$Id: isc.org,v 1.1906 2014-07-16 22:31:39 dmahoney Exp $\"\nisc.org. 7200 IN TXT \"v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all\"\nisc.org. 7200 IN RRSIG TXT 5 2 7200 20140815213213 20140716213213 4521 isc.org. p2DfhLN/QATV2tE7ocHVFlQvGuomk1X9ktiatir17JWiP27349zBp7qf uHM4NJjYAsxXGQdSTLnI60we8JziiRe9czcBNWmO9mRzSNEUvGFJ1ZKr r9d6RyyMq82z468IQH7IPlsM41YAbyJIdXppU0MzHkL3Z1tdRnEH0d6z XGw=\nisc.org. 59 IN AAAA 2001:4f8:0:2::69\nisc.org. 60 IN RRSIG AAAA 5 2 60 20140815213213 20140716213213 4521 isc.org. Zqu51yF2GkLf4NPVRMyUADzXgVksJ/KfvgiWwgMTFKmwjmU6FoAW58PJ XO/A5Zr9gvRz9K3/iyGEhlxoKM+prQhtlykUm/CUtg4tsrOnu3Z9vX7P EK9QJ9ayCw2/LAAgeslpeL9aJIWHEDL6vWrmRz4UaymUNZ9Si1peCjc3 Rik=\nisc.org. 7200 IN NAPTR 20 0 \"S\" \"SIP+D2U\" \"\" _sip._udp.isc.org.\nisc.org. 7200 IN RRSIG NAPTR 5 2 7200 20140815213213 20140716213213 4521 isc.org. OzJhjUmLdxwtWJoT2T8r5f8189+tb5PK5NovNRBh13WaQgCj+Xevnbt7 Y6FV44KXze3gt54wlCE0jI/5Scj1TY7fsmEYzlhs4omyxhT1P20CmVx9 yi55UevBzkinWurVrQGS2mHh6mvldzR/uGRYNf5stVhX0bREvdRQQEkj c6k=\nisc.org. 3600 IN NSEC _adsp._domainkey.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF\nisc.org. 3600 IN RRSIG NSEC 5 2 3600 20140815213213 20140716213213 4521 isc.org. jGkMrA76pO0rmNyjKXwVydxQEfdoxho9dIOCjXsLzvB1Q4KJljBQgHOB Qx8E59RrMoZp6dIDd14rH22BBgBXEuK7VIn4FvyR0+HTYToYdVXna8XO 9SVlFipeJe8ch2DyYr8HuYItH7WSHfSfcoG6Z0Iexulqbq4vwxeeXkvk Rh4=\nisc.org. 7200 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vS u7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIso vo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7ri PfN7kHLP\nisc.org. 7200 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd\nisc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20140815210128 20140716210128 4521 isc.org. gMreL9DFjvDFpMVl1Uh1/tPBFOg0rvo060dfEUxJEIlu2Wqsqqz/rv7X 98NgLFo5T4KLbVp8Wloc7sYBHz9OVa1ILV/UYDFFgVCAkLa9yv2XBPkj X6HEGVy1ddx2pcN6K0mKrjs75Z9kvX49c2EEu1ohc6vtLG16Y4mwy114 lWM=\nisc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20140815210128 20140716210128 12892 isc.org. Om1S8XzWDaMkne1BL1O77uNBx4VecenGpAaaoiBjnzHz/xHMBylK7mA4 OcH9OwI2NoXQ/EB7qfowkzbwZEF+Ep+VJ3y2fykpDkUGn8iueHw9CEIq m7kPbioANV7CECNT8giB/pHO7na0hAZGnhaYfBkRTw28NitNSdaPa3CFru+JspRLkxeufCNLJkpU6nlCNI0DSfmj6D8sCECNnPUBetWMBlZyfmyd pRE+ZT+5Q2qoUV152pn86MxVPLe5nJc1fEcwi/9XoFaoTtDywdL+GL0f uaWIcZm4QaugYY6Bi532/IAXfqDxaLImoQh/vYj5Q0JRgZTrsQdP0o/n aWKW5w==\nisc.org. 7200 IN SPF \"v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all\"\nisc.org. 7200 IN RRSIG SPF 5 2 7200 20140815213213 20140716213213 4521 isc.org. Il7WC6FXFV73qEjXhqiQ2M4IYN3yZngbWmqr/FnDOeQnRTipW5+MVXel M377OezVnnmni1//KQEjeO/iVl03ShcHdhgfslSKlsPc5m2nlVaVB+CB FhNxWwIEdLOL8Yn3ZyW5i1hKqCSUmTD/KiC+xHyTQvs/QwNjmeorZ52i /gs=\nisc.org. 7200 IN SOA ns-int.isc.org. hostmaster.isc.org. 2014071601 7200 3600 24796800 3600\nisc.org. 7199 IN NS ord.sns-pb.isc.org.\nisc.org. 7199 IN NS ns.isc.afilias-nst.info.\nisc.org. 7199 IN NS ams.sns-pb.isc.org.\nisc.org. 7199 IN NS sfba.sns-pb.isc.org.\nisc.org. 7200 IN RRSIG NS 5 2 7200 20140815213213 20140716213213 4521 isc.org. V3ye+DubBygL2Dz7AHMjjC1CrVkWUDnjnZKOsOG/VWDY6tWFVV49OHeV 7HmaB2vAdrE7ZSr6pwffonvY9xRCPHf6QUrcrrc5bYi3QASZGZ2AKwTJ UuwVgSnh/1ZyDkOnSP29UwBYUol+CSas/Z8Oo32bBFLcsEZUWW56xUmC 1eE=\nisc.org. 81985 IN RRSIG DS 7 2 86400 20140807155612 20140717145612 21185 org. ZO/Yl9ByYm0NZbL2x7v14pvFknBQJeL7zFRgUocxSRi3v/g/kBTACNTH Fp4dQGgO2JjMkYd2DhvFRmxLYa2+aoASPuNU9lM9TdZ36ptrBkWeNp4l 09BVLhrSW140P7Jkud/nCkn/RtHYonfwp9rs6tJxINIE3KClAMRDn1xr ZmE=\nisc.org. 81985 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759\nisc.org. 81985 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586D E18DA6B5\n\n;; AUTHORITY SECTION:\nisc.org. 7199 IN NS sfba.sns-pb.isc.org.\nisc.org. 7199 IN NS ord.sns-pb.isc.org.\nisc.org. 7199 IN NS ns.isc.afilias-nst.info.\nisc.org. 7199 IN NS ams.sns-pb.isc.org.\n\n;; ADDITIONAL SECTION:\nmx.ams1.isc.org. 3600 IN A 199.6.1.65\nmx.ams1.isc.org. 3600 IN AAAA 2001:500:60::65\nmx.pao1.isc.org. 3600 IN A 149.20.64.53\nmx.pao1.isc.org. 3600 IN AAAA 2001:4f8:0:2::2b\nasterisk.isc.org. 299 IN A 149.20.32.15\nns.isc.afilias-nst.info. 9497 IN A 199.254.63.254\nns.isc.afilias-nst.info. 9497 IN AAAA 2001:500:2c::254\nams.sns-pb.isc.org. 2785 IN A 199.6.1.30\nams.sns-pb.isc.org. 2785 IN AAAA 2001:500:60::30\nord.sns-pb.isc.org. 2785 IN A 199.6.0.30\nord.sns-pb.isc.org. 2785 IN AAAA 2001:500:71::30\nsfba.sns-pb.isc.org. 2785 IN A 149.20.64.3\nsfba.sns-pb.isc.org. 2785 IN AAAA 2001:4f8:0:2::19\n_sip._udp.isc.org. 7200 IN SRV 0 1 5060 asterisk.isc.org.\n\n;; Query time: 748 msec\n;; SERVER: x.x.x.x#53(x.x.x.x)\n;; WHEN: Thu Jul 16 14:31:53 Central Daylight Time 2014\n;; MSG SIZE rcvd: 3680
\n\n
One other key piece to this puzzle is that DNS uses the User Datagram Protocol (UDP) to send requests and responses. UDP is a connectionless protocol, so it doesn't care if the recipient of a given response is the intended recipient. An attacker could spoof an IP address and use an open DNS resolver to request a bunch of DNS data and have it sent to the victim's machine. The victim would be like, \"why in the world are you sending me all this stuff I didn't ask for?!?\" And then the victim would get overwhelmed with DNS data and wouldn't be able to process legitimate traffic.
\n\n
One specific type of DNS request is the \"ANY\" request. As you probably know, a DNS server can respond with lots of different record types (you can see several of them in the screenshot above). Some are bigger than others and, ironically for this situation, some of the biggest are the records associated with DNSSEC (which is a suite of extensions that adds security to DNS responses). If you are an attacker and you want to flood a victim's machine with lots of data, it stands to reason that you would request the largest records. Well, there's an \"ANY\" query that returns all known information about a DNS zone in a single request (I used the \"ANY\" query in the example above).
\n\n
Check out the following picture for an example:
\n\n
\n\n
\n\n
\n\n
Even though a small request can result in a large response, an attacker will need to send lots of these requests in order to really affect the victim. This is where a botnet can be very powerful and effective. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort. As I like to say, \"botnets put the \"D\" in DDoS.\" Imagine the scenario pictured above with millions of attack machines sending millions of \"ANY\" requests to millions of open DNS resolvers \"on behalf of\" only one victim machine. You can see pretty quickly how this distributed attack could overwhelm the victim machine.
\n\n
It gets hard to prevent these types of attacks because the DNS responses are legitimate data coming from valid servers. In fact, the United States Computer Emergency Readiness Team (US-CERT) says \"Unfortunately, due to the massive traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack.\" Well that's not very encouraging. One thing you could do is simply block the \"ANY\" query type, but that would also block legitimate ANY queries that are required for certain applications. What other options are there?
\n\n
\n\n
The iRule...
\n\n
Let me introduce you to the flexibility and power of F5's iRules! Now, I'm not saying that this iRule will solve every single problem in your life, but it has certainly proven to be very effective in mitigating these \"ANY\" amplification attacks. The iRule (technically 2 iRules) utilizes two Virtual Servers: one UDP and one TCP.
\n\n
The iRule on the UDP VIP checks to see if the query type is \"ANY\" and, if so, it responds with a truncated message which will force the legitimate client to use TCP (a connection-based protocol that allows the sender to know who the recipient is). This iRule also requires you to create a data group (called \"admin_datagroup\" in this iRule) that lists the networks that are allowed to do recursive lookups. If the DNS response is not from DNS Express and does not match the admin_datagroup then the response gets dropped. Note that starting in v11, any data groups that are configured in a partition other than /Common must be referenced by /Partition_Name/Data-Group_Name, even by iRules configured in that partition. Data groups referenced only by name are implicitly presumed to be /Common/Data-Group_Name.
\n\n
The iRule on the TCP VIP simply checks to see if the response is from DNS Express or is a part of the admin_datagroup. If neither is true, the response gets dropped.
\n# UDP VIP iRule \n\n# This first part checks if the DNS query type is \"ANY\" and responds with a truncated header \n\nwhen DNS_REQUEST { \nif { [DNS::question type] eq \"ANY\" } { \nDNS::answer clear \nDNS::header tc 1 \nDNS::return \n} \n} \n\n# This part checks to see if the response packet is built from the first logic (origin = TCL) \n# If yes, then exit and do not process further \n# If no, then check if the response is from DNS Express...if it is, allow an answer for non \"ANY\" type \n# If not from DNS Express, check to see if it matches the admin_datagroup created for recursive allowed networks \n# If it does not match both conditions, then drop \n\nwhen DNS_RESPONSE { \nif { [DNS::origin] eq \"TCL\" } { \nreturn \n} elseif { [DNS::origin] ne \"DNSX\" } { \nif { not [class match [IP::client_addr] eq \"admin_datagroup\" ] } { \nDNS::drop \n} \n} \n}
\n\n
\n#TCP VIP iRule \n\n# Simple logic to check and see if the response is from DNS Express or a part of the admin_datagroup \n# If not from DNS Express, check to see if it matches the admin_datagroup created for recursive allowed networks \n# If it does not match both conditions, then drop \n\nwhen DNS_RESPONSE { \nif { [DNS::origin] ne \"DNSX\" } { \n if { not [class match [IP::client_addr] eq \"admin_datagroup\" ] } { \nDNS::drop \n} \n} \n}
\n\n
So, that's it! Isn't it cool that you can take a few lines of simple code and mitigate a potentially disastrous DDoS attack against your critical business infrastructure? You gotta love the power and flexibility of DNS iRules. You can read more about DNS iRules on the DNS wiki page on DevCentral. Stay tuned for more exciting articles on DNS in the future!
\n\n
","body@stringLength":"19474","rawBody":"
This is the latest in a series of DNS articles that I've been writing over the past couple of months. I started out writing about the basics of DNS and then dug into some cool DNS features on the BIG-IP. But I wanted to spend a little time on some iRule fun as well. So this article will highlight one of the many different DNS iRules out here on DevCentral. This iRule protects you from one of the popular DNS DDoS attacks (DNS Amplification Attack).
Simply stated, a DNS amplification attack takes advantage of features that allow a very small request to return a much larger response. These attacks also rely on the fact that the attacker can request these large responses on behalf of someone else (the victim). More specifically, DNS amplification attacks are a popular type of a Distributed Denial of Service (DDoS) attack in which attackers use publically accessible open DNS resolvers to flood a target system with DNS response traffic.
\n\n
DNS resolvers retrieve information from authoritative servers and return answers to end-user applications. A DNS resolver that is configured correctly will only respond for the hosts in its domain. For example, if your company has IP space 1.1.1.0 - 1.1.1.255, then your DNS resolver should not respond if a requests comes from IP address 2.2.2.2. The problem with open DNS resolvers is that they will respond to recursive queries from outside hosts. This creates some very interesting opportunities for cyber attackers.
\n\n
The following diagrams outline two different scenarios: one is a DNS resolver that has been correctly configured and the other is an open DNS resolver.
\n\n
\n\n
\n\n
\n\n
\n\n
\n\n
I did a little research and found one website that lists over 20 million open DNS resolvers on the Internet (this number changes all the time). So what's the big deal, you say? Well, here are a few reasons that open DNS resolvers are a bad thing:
\n\n
They allow outsiders to consume resources that do not belong to them
Attackers may be able to poison their cache
They are used in widespread DDoS attacks with spoofed source addresses and large DNS responses (amplification attacks)
\n\n
Using one of those open DNS resolvers, I sent a simple request for isc.org records using the dig tool. You can see from the details below that I got a 3680-byte response; the request was 64 bytes (a 57x amplifier). I also tried the same request using a properly configured DNS resolver and I got a timeout response saying no servers could be reached (the correct and expected response).
\n\n
\n\n
\n C:\\dig ANY isc.org @x.x.x.x \n\n; <<>> DiG 9.8.6-P1 <<>> ANY isc.org @x.x.x.x\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10156\n;; flags: qr rd ra; QUERY: 1, ANSWER: 30, AUTHORITY: 4, ADDITIONAL: 14\n\n;; QUESTION SECTION:\n;isc.org. IN ANY\n\n;; ANSWER SECTION:\nisc.org. 7200 IN RRSIG SOA 5 2 7200 20140815213213 20140716213213 4521 isc.org. HYVeuPKnCx/5kVzThEObGqTC4Pit00hAGEVS7FkHKGO15/WADV05Ipre +e5dpEYpfbcH5DMGeFsIEKQ0snsiXeAFYchcQYeKtR/zOeKOdOQVmFtP 985a9jRSvFXCtFyaC9mH5WY9r2teKhil6MaEAwrHaDOZvXj0siDZZP5j K4s=\nisc.org. 59 IN A 149.20.64.69\nisc.org. 60 IN RRSIG A 5 2 60 20140815213213 20140716213213 4521 isc.org. OgEvyaQ6VycKAtm4K7xHycQl22ZSiaySkXCxWdYgWU+0C96F7KvH1Nay auHTpvPFvmwsdz1ijJwKn1ZsdiUbNPCGJ58V/xVyMcE71+4e+vHD8HrU 7ktt/X7bQh14dm/MqzQAQJH4LLarfCKTlBzX0xCkDhOoqLw9ZuUW54I7 uww=\nisc.org. 7200 IN MX 10 mx.ams1.isc.org.\nisc.org. 7200 IN MX 10 mx.pao1.isc.org.\nisc.org. 7200 IN RRSIG MX 5 2 7200 20140815213213 20140716213213 4521 isc.org. NtAd/mQnrku1jf9dA84Mk366nqdADF1+HnFDg1+Rl+cNb88oIBEcBcCW SttIybIe+65ganybbYDCLV8TcovCx6o/SWZMXuXmnjy5cYey6a6uAz3x uUVfr4g1RMo6OsbnJ9GfF5NDWHxKFcToOI3scHMj9fxwK19sy17uPlSn wos=\nisc.org. 7200 IN TXT \"$Id: isc.org,v 1.1906 2014-07-16 22:31:39 dmahoney Exp $\"\nisc.org. 7200 IN TXT \"v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all\"\nisc.org. 7200 IN RRSIG TXT 5 2 7200 20140815213213 20140716213213 4521 isc.org. p2DfhLN/QATV2tE7ocHVFlQvGuomk1X9ktiatir17JWiP27349zBp7qf uHM4NJjYAsxXGQdSTLnI60we8JziiRe9czcBNWmO9mRzSNEUvGFJ1ZKr r9d6RyyMq82z468IQH7IPlsM41YAbyJIdXppU0MzHkL3Z1tdRnEH0d6z XGw=\nisc.org. 59 IN AAAA 2001:4f8:0:2::69\nisc.org. 60 IN RRSIG AAAA 5 2 60 20140815213213 20140716213213 4521 isc.org. Zqu51yF2GkLf4NPVRMyUADzXgVksJ/KfvgiWwgMTFKmwjmU6FoAW58PJ XO/A5Zr9gvRz9K3/iyGEhlxoKM+prQhtlykUm/CUtg4tsrOnu3Z9vX7P EK9QJ9ayCw2/LAAgeslpeL9aJIWHEDL6vWrmRz4UaymUNZ9Si1peCjc3 Rik=\nisc.org. 7200 IN NAPTR 20 0 \"S\" \"SIP+D2U\" \"\" _sip._udp.isc.org.\nisc.org. 7200 IN RRSIG NAPTR 5 2 7200 20140815213213 20140716213213 4521 isc.org. OzJhjUmLdxwtWJoT2T8r5f8189+tb5PK5NovNRBh13WaQgCj+Xevnbt7 Y6FV44KXze3gt54wlCE0jI/5Scj1TY7fsmEYzlhs4omyxhT1P20CmVx9 yi55UevBzkinWurVrQGS2mHh6mvldzR/uGRYNf5stVhX0bREvdRQQEkj c6k=\nisc.org. 3600 IN NSEC _adsp._domainkey.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF\nisc.org. 3600 IN RRSIG NSEC 5 2 3600 20140815213213 20140716213213 4521 isc.org. jGkMrA76pO0rmNyjKXwVydxQEfdoxho9dIOCjXsLzvB1Q4KJljBQgHOB Qx8E59RrMoZp6dIDd14rH22BBgBXEuK7VIn4FvyR0+HTYToYdVXna8XO 9SVlFipeJe8ch2DyYr8HuYItH7WSHfSfcoG6Z0Iexulqbq4vwxeeXkvk Rh4=\nisc.org. 7200 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vS u7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIso vo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7ri PfN7kHLP\nisc.org. 7200 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd\nisc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20140815210128 20140716210128 4521 isc.org. gMreL9DFjvDFpMVl1Uh1/tPBFOg0rvo060dfEUxJEIlu2Wqsqqz/rv7X 98NgLFo5T4KLbVp8Wloc7sYBHz9OVa1ILV/UYDFFgVCAkLa9yv2XBPkj X6HEGVy1ddx2pcN6K0mKrjs75Z9kvX49c2EEu1ohc6vtLG16Y4mwy114 lWM=\nisc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20140815210128 20140716210128 12892 isc.org. Om1S8XzWDaMkne1BL1O77uNBx4VecenGpAaaoiBjnzHz/xHMBylK7mA4 OcH9OwI2NoXQ/EB7qfowkzbwZEF+Ep+VJ3y2fykpDkUGn8iueHw9CEIq m7kPbioANV7CECNT8giB/pHO7na0hAZGnhaYfBkRTw28NitNSdaPa3CFru+JspRLkxeufCNLJkpU6nlCNI0DSfmj6D8sCECNnPUBetWMBlZyfmyd pRE+ZT+5Q2qoUV152pn86MxVPLe5nJc1fEcwi/9XoFaoTtDywdL+GL0f uaWIcZm4QaugYY6Bi532/IAXfqDxaLImoQh/vYj5Q0JRgZTrsQdP0o/n aWKW5w==\nisc.org. 7200 IN SPF \"v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all\"\nisc.org. 7200 IN RRSIG SPF 5 2 7200 20140815213213 20140716213213 4521 isc.org. Il7WC6FXFV73qEjXhqiQ2M4IYN3yZngbWmqr/FnDOeQnRTipW5+MVXel M377OezVnnmni1//KQEjeO/iVl03ShcHdhgfslSKlsPc5m2nlVaVB+CB FhNxWwIEdLOL8Yn3ZyW5i1hKqCSUmTD/KiC+xHyTQvs/QwNjmeorZ52i /gs=\nisc.org. 7200 IN SOA ns-int.isc.org. hostmaster.isc.org. 2014071601 7200 3600 24796800 3600\nisc.org. 7199 IN NS ord.sns-pb.isc.org.\nisc.org. 7199 IN NS ns.isc.afilias-nst.info.\nisc.org. 7199 IN NS ams.sns-pb.isc.org.\nisc.org. 7199 IN NS sfba.sns-pb.isc.org.\nisc.org. 7200 IN RRSIG NS 5 2 7200 20140815213213 20140716213213 4521 isc.org. V3ye+DubBygL2Dz7AHMjjC1CrVkWUDnjnZKOsOG/VWDY6tWFVV49OHeV 7HmaB2vAdrE7ZSr6pwffonvY9xRCPHf6QUrcrrc5bYi3QASZGZ2AKwTJ UuwVgSnh/1ZyDkOnSP29UwBYUol+CSas/Z8Oo32bBFLcsEZUWW56xUmC 1eE=\nisc.org. 81985 IN RRSIG DS 7 2 86400 20140807155612 20140717145612 21185 org. ZO/Yl9ByYm0NZbL2x7v14pvFknBQJeL7zFRgUocxSRi3v/g/kBTACNTH Fp4dQGgO2JjMkYd2DhvFRmxLYa2+aoASPuNU9lM9TdZ36ptrBkWeNp4l 09BVLhrSW140P7Jkud/nCkn/RtHYonfwp9rs6tJxINIE3KClAMRDn1xr ZmE=\nisc.org. 81985 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759\nisc.org. 81985 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586D E18DA6B5\n\n;; AUTHORITY SECTION:\nisc.org. 7199 IN NS sfba.sns-pb.isc.org.\nisc.org. 7199 IN NS ord.sns-pb.isc.org.\nisc.org. 7199 IN NS ns.isc.afilias-nst.info.\nisc.org. 7199 IN NS ams.sns-pb.isc.org.\n\n;; ADDITIONAL SECTION:\nmx.ams1.isc.org. 3600 IN A 199.6.1.65\nmx.ams1.isc.org. 3600 IN AAAA 2001:500:60::65\nmx.pao1.isc.org. 3600 IN A 149.20.64.53\nmx.pao1.isc.org. 3600 IN AAAA 2001:4f8:0:2::2b\nasterisk.isc.org. 299 IN A 149.20.32.15\nns.isc.afilias-nst.info. 9497 IN A 199.254.63.254\nns.isc.afilias-nst.info. 9497 IN AAAA 2001:500:2c::254\nams.sns-pb.isc.org. 2785 IN A 199.6.1.30\nams.sns-pb.isc.org. 2785 IN AAAA 2001:500:60::30\nord.sns-pb.isc.org. 2785 IN A 199.6.0.30\nord.sns-pb.isc.org. 2785 IN AAAA 2001:500:71::30\nsfba.sns-pb.isc.org. 2785 IN A 149.20.64.3\nsfba.sns-pb.isc.org. 2785 IN AAAA 2001:4f8:0:2::19\n_sip._udp.isc.org. 7200 IN SRV 0 1 5060 asterisk.isc.org.\n\n;; Query time: 748 msec\n;; SERVER: x.x.x.x#53(x.x.x.x)\n;; WHEN: Thu Jul 16 14:31:53 Central Daylight Time 2014\n;; MSG SIZE rcvd: 3680
\n\n
One other key piece to this puzzle is that DNS uses the User Datagram Protocol (UDP) to send requests and responses. UDP is a connectionless protocol, so it doesn't care if the recipient of a given response is the intended recipient. An attacker could spoof an IP address and use an open DNS resolver to request a bunch of DNS data and have it sent to the victim's machine. The victim would be like, \"why in the world are you sending me all this stuff I didn't ask for?!?\" And then the victim would get overwhelmed with DNS data and wouldn't be able to process legitimate traffic.
\n\n
One specific type of DNS request is the \"ANY\" request. As you probably know, a DNS server can respond with lots of different record types (you can see several of them in the screenshot above). Some are bigger than others and, ironically for this situation, some of the biggest are the records associated with DNSSEC (which is a suite of extensions that adds security to DNS responses). If you are an attacker and you want to flood a victim's machine with lots of data, it stands to reason that you would request the largest records. Well, there's an \"ANY\" query that returns all known information about a DNS zone in a single request (I used the \"ANY\" query in the example above).
\n\n
Check out the following picture for an example:
\n\n
\n\n
\n\n
\n\n
Even though a small request can result in a large response, an attacker will need to send lots of these requests in order to really affect the victim. This is where a botnet can be very powerful and effective. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort. As I like to say, \"botnets put the \"D\" in DDoS.\" Imagine the scenario pictured above with millions of attack machines sending millions of \"ANY\" requests to millions of open DNS resolvers \"on behalf of\" only one victim machine. You can see pretty quickly how this distributed attack could overwhelm the victim machine.
\n\n
It gets hard to prevent these types of attacks because the DNS responses are legitimate data coming from valid servers. In fact, the United States Computer Emergency Readiness Team (US-CERT) says \"Unfortunately, due to the massive traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack.\" Well that's not very encouraging. One thing you could do is simply block the \"ANY\" query type, but that would also block legitimate ANY queries that are required for certain applications. What other options are there?
\n\n
\n\n
The iRule...
\n\n
Let me introduce you to the flexibility and power of F5's iRules! Now, I'm not saying that this iRule will solve every single problem in your life, but it has certainly proven to be very effective in mitigating these \"ANY\" amplification attacks. The iRule (technically 2 iRules) utilizes two Virtual Servers: one UDP and one TCP.
\n\n
The iRule on the UDP VIP checks to see if the query type is \"ANY\" and, if so, it responds with a truncated message which will force the legitimate client to use TCP (a connection-based protocol that allows the sender to know who the recipient is). This iRule also requires you to create a data group (called \"admin_datagroup\" in this iRule) that lists the networks that are allowed to do recursive lookups. If the DNS response is not from DNS Express and does not match the admin_datagroup then the response gets dropped. Note that starting in v11, any data groups that are configured in a partition other than /Common must be referenced by /Partition_Name/Data-Group_Name, even by iRules configured in that partition. Data groups referenced only by name are implicitly presumed to be /Common/Data-Group_Name.
\n\n
The iRule on the TCP VIP simply checks to see if the response is from DNS Express or is a part of the admin_datagroup. If neither is true, the response gets dropped.
\n# UDP VIP iRule \n\n# This first part checks if the DNS query type is \"ANY\" and responds with a truncated header \n\nwhen DNS_REQUEST { \nif { [DNS::question type] eq \"ANY\" } { \nDNS::answer clear \nDNS::header tc 1 \nDNS::return \n} \n} \n\n# This part checks to see if the response packet is built from the first logic (origin = TCL) \n# If yes, then exit and do not process further \n# If no, then check if the response is from DNS Express...if it is, allow an answer for non \"ANY\" type \n# If not from DNS Express, check to see if it matches the admin_datagroup created for recursive allowed networks \n# If it does not match both conditions, then drop \n\nwhen DNS_RESPONSE { \nif { [DNS::origin] eq \"TCL\" } { \nreturn \n} elseif { [DNS::origin] ne \"DNSX\" } { \nif { not [class match [IP::client_addr] eq \"admin_datagroup\" ] } { \nDNS::drop \n} \n} \n}
\n\n
\n#TCP VIP iRule \n\n# Simple logic to check and see if the response is from DNS Express or a part of the admin_datagroup \n# If not from DNS Express, check to see if it matches the admin_datagroup created for recursive allowed networks \n# If it does not match both conditions, then drop \n\nwhen DNS_RESPONSE { \nif { [DNS::origin] ne \"DNSX\" } { \n if { not [class match [IP::client_addr] eq \"admin_datagroup\" ] } { \nDNS::drop \n} \n} \n}
\n\n
So, that's it! Isn't it cool that you can take a few lines of simple code and mitigate a potentially disastrous DDoS attack against your critical business infrastructure? You gotta love the power and flexibility of DNS iRules. You can read more about DNS iRules on the DNS wiki page on DevCentral. Stay tuned for more exciting articles on DNS in the future!
\n\n
","kudosSumWeight":0,"postTime":"2014-07-16T12:57:00.000-07:00","images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtNzMxOGlDRDRCMUNFNzI4RkU1MDZF?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtMTAxNjlpQTFBNzcyRkRBM0FENzk4MQ?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtMjUyOWlBMjMzMTlGOTQ3MDJERTMx?revision=1\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":{"__typename":"AttachmentConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3wx","node":{"__typename":"Tag","id":"tag:application delivery","text":"application delivery","time":"2021-06-30T01:48:44.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3wy","node":{"__typename":"Tag","id":"tag:BIG-IP DNS","text":"BIG-IP DNS","time":"2022-01-24T02:29:45.994-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3wz","node":{"__typename":"Tag","id":"tag:ddos","text":"ddos","time":"2022-01-24T02:30:10.127-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3w0","node":{"__typename":"Tag","id":"tag:devops","text":"devops","time":"2011-10-19T17:50:55.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3w1","node":{"__typename":"Tag","id":"tag:dns","text":"dns","time":"2022-01-24T02:29:57.352-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3w2","node":{"__typename":"Tag","id":"tag:iRules","text":"iRules","time":"2022-01-24T02:29:45.106-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3w3","node":{"__typename":"Tag","id":"tag:LTM","text":"LTM","time":"2022-01-24T02:29:45.119-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjQuMTF8Mi4xfG98MTB8X05WX3w4","node":{"__typename":"Tag","id":"tag:security","text":"security","time":"2009-07-03T08:19:36.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":10,"rawTeaser":"","introduction":"","currentRevision":{"__ref":"Revision:revision:280330_1"},"latestVersion":{"__typename":"FriendlyVersion","major":"1","minor":"0"},"metrics":{"__typename":"MessageMetrics","views":1407},"visibilityScope":"PUBLIC","canonicalUrl":null,"seoTitle":null,"seoDescription":null,"placeholder":false,"originalMessageForPlaceholder":null,"contributors":{"__typename":"UserConnection","edges":[]},"nonCoAuthorContributors":{"__typename":"UserConnection","edges":[]},"coAuthors":{"__typename":"UserConnection","edges":[{"__typename":"UserEdge","node":{"__ref":"User:user:56738"}}]},"tkbMessagePolicies":{"__typename":"TkbMessagePolicies","canDoAuthoringActionsOnTkb":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.tkb.policy_can_do_authoring_action.accessDenied","key":"error.lithium.policies.tkb.policy_can_do_authoring_action.accessDenied","args":[]}}},"archivalData":null,"replies":{"__typename":"MessageConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[],"revisions({\"constraints\":{\"isPublished\":{\"eq\":true}},\"first\":1})":{"__typename":"RevisionConnection","totalCount":1}},"Conversation:conversation:280330":{"__typename":"Conversation","id":"conversation:280330","solved":false,"topic":{"__ref":"TkbTopicMessage:message:280330"},"lastPostingActivityTime":"2014-07-16T12:57:00.000-07:00","lastPostTime":"2014-07-16T12:57:00.000-07:00","unreadReplyCount":0,"isSubscribed":false},"ModerationData:moderation_data:280330":{"__typename":"ModerationData","id":"moderation_data:280330","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtNzMxOGlDRDRCMUNFNzI4RkU1MDZF?revision=1\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtNzMxOGlDRDRCMUNFNzI4RkU1MDZF?revision=1","title":"0151T000003d6CLQAY.jpg","associationType":"BODY","width":1828,"height":671,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtMTAxNjlpQTFBNzcyRkRBM0FENzk4MQ?revision=1\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtMTAxNjlpQTFBNzcyRkRBM0FENzk4MQ?revision=1","title":"0151T000003d6CMQAY.jpg","associationType":"BODY","width":1828,"height":515,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtMjUyOWlBMjMzMTlGOTQ3MDJERTMx?revision=1\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODAzMzAtMjUyOWlBMjMzMTlGOTQ3MDJERTMx?revision=1","title":"0151T000003d6CNQAY.jpg","associationType":"BODY","width":2044,"height":871,"altText":null},"Revision:revision:280330_1":{"__typename":"Revision","id":"revision:280330_1","lastEditTime":"2014-07-16T12:57:00.000-07:00"},"CachedAsset:theme:customTheme1-1737544990280":{"__typename":"CachedAsset","id":"theme:customTheme1-1737544990280","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":null,"h2FontWeight":null,"h3FontWeight":null,"h4FontWeight":null,"h5FontWeight":null,"h6FontWeight":null,"__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1728320186000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/kbs/TkbMessagePage:board:TechnicalArticles-1737544988701":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/kbs/TkbMessagePage:board:TechnicalArticles-1737544988701","value":{"id":"TkbMessagePage","container":{"id":"Common","headerProps":{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":["community.widget.bannerWidget"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":{"community.widget.breadcrumbWidget":{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"message-list","layout":"MAIN_SIDE","bgColor":"transparent","showTitle":true,"showDescription":true,"textPosition":"CENTER","textColor":"var(--lia-bs-body-color)","sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"MainSideQuiltSection","columnMap":{"main":[{"id":"tkbs.widget.tkbArticleWidget","className":"lia-tkb-container","props":{"contributorListType":"panel","showHelpfulness":false,"showTimestamp":true,"showGuideNavigationSection":true,"showVersion":true,"lazyLoad":false,"editLevel":"CONFIGURE"},"__typename":"QuiltComponent"}],"side":[{"id":"featuredWidgets.widget.featuredContentWidget","className":null,"props":{"instanceId":"featuredWidgets.widget.featuredContentWidget-1702666556326","layoutProps":{"layout":"card","layoutOptions":{"useRepliesCount":false,"useAuthorRank":false,"useTimeToRead":true,"useKudosCount":false,"useViewCount":true,"usePreviewMedia":true,"useBody":false,"useCenteredCardContent":false,"useTags":true,"useTimestamp":false,"useBoardLink":true,"useAuthorLink":false,"useSolvedBadge":true}},"titleSrOnly":false,"showPager":true,"pageSize":3,"lazyLoad":true},"__typename":"QuiltComponent"},{"id":"messages.widget.relatedContentWidget","className":null,"props":{"hideIfEmpty":true,"enablePagination":true,"useTitle":true,"listVariant":{"type":"listGroup"},"pageSize":3,"style":"list","pagerVariant":{"type":"loadMore"},"viewVariant":{"type":"inline","props":{"useRepliesCount":true,"useMedia":true,"useAuthorRank":false,"useNode":true,"useTimeToRead":true,"useSpoilerFreeBody":true,"useKudosCount":true,"useNodeLink":true,"useViewCount":true,"usePreviewMedia":false,"useBody":false,"timeStampType":"postTime","useTags":true,"clampSubjectLines":2,"useBoardIcon":false,"useMessageTimeLink":true,"clampBodyLines":3,"useTextBody":true,"useSolvedBadge":true,"useAvatar":true,"useAuthorLogin":true,"useUnreadCount":true}},"lazyLoad":true,"panelType":"divider"},"__typename":"QuiltComponent"}],"__typename":"MainSideSectionColumns"}}],"__typename":"QuiltContainer"},"__typename":"Quilt","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-pages/kbs/TkbMessagePage-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-pages/kbs/TkbMessagePage-1728320186000","value":{"title":"{contextMessageSubject} | {communityTitle}","errorMissing":"This article cannot be found","name":"TKB Message Page","section.message-list.title":"","archivedMessageTitle":"This Content Has Been Archived","section.erPqcf.title":"","section.erPqcf.description":"","section.message-list.description":""},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1737544929425":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1737544929425","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1728320186000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1737545005586":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1737545005586","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1737545005586":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1737545005586","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1737545005586":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1737545005586","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1737545005586":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1737545005586","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1728320186000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1728320186000","value":{"messageMarkedAsSpam":"This post has been marked as spam","messageMarkedAsSpam@board:TKB":"This article has been marked as spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as abuse","preModCommentAuthorText":"This comment will be published as soon as it is approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived Content"},"localOverride":false},"CachedAsset:text:en_US-components/tkbs/TkbArticleWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tkbs/TkbArticleWidget-1728320186000","value":{},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1728320186000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/community/Navbar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1728320186000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1728320186000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1728320186000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1728320186000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1728320186000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1728320186000","value":{"place":"Place {name}"},"localOverride":false},"QueryVariables:TopicReplyList:message:280330:1":{"__typename":"QueryVariables","id":"TopicReplyList:message:280330:1","value":{"id":"message:280330","first":10,"sorts":{"postTime":{"direction":"ASC"}},"repliesFirst":3,"repliesFirstDepthThree":1,"repliesSorts":{"postTime":{"direction":"ASC"}},"useAvatar":true,"useAuthorLogin":true,"useAuthorRank":true,"useBody":true,"useKudosCount":true,"useTimeToRead":false,"useMedia":false,"useReadOnlyIcon":false,"useRepliesCount":true,"useSearchSnippet":false,"useAcceptedSolutionButton":false,"useSolvedBadge":false,"useAttachments":false,"attachmentsFirst":5,"useTags":true,"useNodeAncestors":false,"useUserHoverCard":true,"useNodeHoverCard":false,"useModerationStatus":true,"usePreviewSubjectModal":false,"useMessageStatus":true}},"ROOT_MUTATION":{"__typename":"Mutation"},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1728320186000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1728320186000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1728320186000","value":{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solved","movedMessagePlaceholder.BLOG":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.TKB":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.FORUM":"{count, plural, =0 {This reply has been} other {These replies have been} }","movedMessagePlaceholder.IDEA":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.OCCASION":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholderUrlText":"moved.","messageStatus":"Status: ","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added: {status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/ThreadedReplyList-1728320186000","value":{"title":"{count, plural, one{# Reply} other{# Replies}}","title@board:BLOG":"{count, plural, one{# Comment} other{# Comments}}","title@board:TKB":"{count, plural, one{# Comment} other{# Comments}}","title@board:IDEA":"{count, plural, one{# Comment} other{# Comments}}","title@board:OCCASION":"{count, plural, one{# Comment} other{# Comments}}","noRepliesTitle":"No Replies","noRepliesTitle@board:BLOG":"No Comments","noRepliesTitle@board:TKB":"No Comments","noRepliesTitle@board:IDEA":"No Comments","noRepliesTitle@board:OCCASION":"No Comments","noRepliesDescription":"Be the first to reply","noRepliesDescription@board:BLOG":"Be the first to comment","noRepliesDescription@board:TKB":"Be the first to comment","noRepliesDescription@board:IDEA":"Be the first to comment","noRepliesDescription@board:OCCASION":"Be the first to comment","messageReadOnlyAlert:BLOG":"Comments have been turned off for this post","messageReadOnlyAlert:TKB":"Comments have been turned off for this article","messageReadOnlyAlert:IDEA":"Comments have been turned off for this idea","messageReadOnlyAlert:FORUM":"Replies have been turned off for this discussion","messageReadOnlyAlert:OCCASION":"Comments have been turned off for this event"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1728320186000","value":{"leaveReply":"Leave a reply...","leaveReply@board:BLOG@message:root":"Leave a comment...","leaveReply@board:TKB@message:root":"Leave a comment...","leaveReply@board:IDEA@message:root":"Leave a comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking me!"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1728320186000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1728320186000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1728320186000","value":{"CustomField.default.label":"Value of {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRevision-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRevision-1728320186000","value":{"lastUpdatedDatePublished":"{publishCount, plural, one{Published} other{Updated}} {date}","lastUpdatedDateDraft":"Created {date}","version":"Version {major}.{minor}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1728320186000","value":{"repliesCount":"{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:root":"Comment","title@board:OCCASION@message:root":"Comment"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageAuthorBio-1728320186000","value":{"sendMessage":"Send Message","actionMessage":"Follow this blog board to get notified when there's new activity","coAuthor":"CO-PUBLISHER","contributor":"CONTRIBUTOR","userProfile":"View Profile","iconlink":"Go to {name} {type}"},"localOverride":false},"CachedAsset:text:en_US-components/guides/GuideBottomNavigation-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/guides/GuideBottomNavigation-1728320186000","value":{"nav.label":"Previous/Next Page","nav.previous":"Previous","nav.next":"Next"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1728320186000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1728320186000","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserRegistrationDate-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserRegistrationDate-1728320186000","value":{"noPrefix":"{date}","withPrefix":"Joined {date}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1728320186000","value":{"tagLabelName":"Tag name {tagName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1728320186000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1728320186000","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false}}}},"page":"/kbs/TkbMessagePage/TkbMessagePage","query":{"boardId":"technicalarticles","messageSubject":"dns-irules-protect-yourself-from-any-amplification-attacks","messageId":"280330"},"buildId":"_FASV5DDw52YaqfBDLqsB","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"24.11.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tkbs/TkbArticleWidget/TkbArticleWidget.tsx","./components/messages/MessageView/MessageViewStandard/MessageViewStandard.tsx","./components/messages/ThreadedReplyList/ThreadedReplyList.tsx","../shared/client/components/common/List/UnwrappedList/UnwrappedList.tsx","./components/tags/TagView/TagView.tsx","./components/tags/TagView/TagViewChip/TagViewChip.tsx"],"appGip":true,"scriptLoader":[]}