v11.1: DNS Blackhole with iRules

Back in October, I attended a Security B-Sides event in Jefferson City (review here). One of the presenters (@bethayoung) talked about poisoning the internal DNS intentionally for known purveyors of ...
Updated Mar 16, 2022
Version 2.0
adn
application delivery
BIG-IP
dev
devops
dns
iRules
management
news
tech tip
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 28, 2011
Nice iRule!

 

 

You could save a little bit of CPU time by changing the == to eq to do a string comparison without polymorphism:

 

 

if {!([DNS::question name] == ".")} {

 

->

 

if {!([DNS::question name] eq ".")} {

 

 

Aaron