Fast DNS

Problem this snippet solves:

This iRule replies to queries for "www.f5.com" (offloading this query from the server) and leaves other queries as they are. It can be applied to DNS security (to provide an immediate action), such as filtering out invalid or bad domains.

Code :

#
# LTM DNS offload sample
# This iRule replies to queries for "www.f5.com" (offloading them from the server) and leaves other queries as they are.
# It can be applied to DNS security, e.g. to filter out invalid or bad domains.
#
when RULE_INIT {
    # Canned DNS header (hex) used for every offloaded reply; the 16-bit
    # transaction ID is not part of it and is copied from the query at reply time.
    # Flags 0x8580: QR=1 (response) OPCODE=0 AA=1 TC=0 RD=1 RA=1 Z=0 RCODE=0
    set ::header "8580"
    # QDCOUNT=1 ANCOUNT=1 NSCOUNT=0 ARCOUNT=0
    append ::header "0001" "0001" "0000" "0000"

    # Canned resource record (hex) placed after the client's question section.
    set ::answer ""
    # NAME: 03 "www" 02 "f5" 03 "com" 00 (uncompressed wire-format labels)
    append ::answer "0377777702663503636f6d00"
    # TYPE A (1), CLASS IN (1)
    append ::answer "0001" "0001"
    # TTL 0x00015180 = 86400 seconds (1 day)
    append ::answer "00015180"
    # RDLENGTH 4, RDATA 41 c5 91 17 = 65.197.145.23
    append ::answer "0004" "41c59117"
    # NOTE(review): ::-scoped globals are the older iRule idiom; newer LTM releases
    # use static:: variables for read-only data set in RULE_INIT - confirm for the target version.
}
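when CLIENT_DATA {
    # Parse the DNS header and question from the client's UDP payload:
    #   id       - 16-bit transaction ID as 4 hex chars (echoed back in the reply)
    #   flags    - 16-bit header flags as 4 hex chars (QR, OPCODE, AA, TC, RD, RA, Z, RCODE)
    #   dname    - bytes from offset 12 onward as a string (used to extract QNAME)
    #   question - the same bytes from offset 12 onward as hex (copied into the reply)
    # A payload shorter than the 12-byte header yields fewer than 4 conversions and
    # leaves the later variables unset, so such packets are passed through untouched.
    if { [binary scan [UDP::payload] H4H4@12A*@12H* id flags dname question] != 4 } {
        return
    }
    # Only answer standard queries: QR bit (0x8000) clear and OPCODE (0x7800) zero.
    # Responses aimed at the listener and non-query opcodes are left to the server.
    scan $flags %x flagbits
    if { ($flagbits & 0xF800) != 0 } {
        return
    }
    # QNAME in wire form (length-prefixed labels) without its terminating zero byte,
    # lower-cased so the comparison is case-insensitive as DNS names are.
    set dname [string tolower [getfield $dname \x00 1]]
    # QTYPE and QCLASS follow the name and its zero terminator; in the hex copy
    # every byte is 2 chars, so they start at 2 * (len(QNAME) + 1).
    set qoff [expr {2 * ([string length $dname] + 1)}]
    set qtype  [string range $question $qoff [expr {$qoff + 3}]]
    set qclass [string range $question [expr {$qoff + 4}] [expr {$qoff + 7}]]
    # The canned answer is an A record in class IN; other types (AAAA, MX, ...)
    # for the same name must still reach the real server rather than get an A reply.
    if { $qtype ne "0001" || $qclass ne "0001" } {
        return
    }
    # Keep only the question itself (QNAME + QTYPE + QCLASS). Anything after it,
    # e.g. an EDNS OPT record in the additional section, must not be echoed back
    # because ::header declares ARCOUNT = 0 and the reply would be malformed.
    set question [string range $question 0 [expr {$qoff + 7}]]
    # "--" stops switch from treating a name whose first byte happens to be '-'
    # (a 45-byte first label) as an option.
    switch -glob -- $dname {
        "\x03www\x02f5\x03com" {
            #log local0. "match www.f5.com"
            # Reply = client's ID + canned flags/counts + client's question + canned answer.
            set payload [binary format H* ${id}${::header}${question}${::answer}]
            drop
            UDP::respond $payload
        }
        default {
            #log local0. "does not match"
        }
    }
}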
Published Mar 17, 2015
Version 1.0