20 Lines or Less: Security Headers and DNS
Published Mar 14, 2016
Version 1.0Was this article helpful?
Thanks Jason for including one (two!) of my solutions in the 20LinesOrLess series... 😉
@Jie: The
DNS::answer clear
is required in this case to sanitize the existing DNS answer, to make sure that only the blacklist response is send to the client. If you skip the DNS::answer clear
, then it may become a RR DNS response. But you could also directly DNS respond to the request using the DNS_REQUEST event (not implemented in this specific iRule). In this case you don't need to DNS::answer clear
the answer, since you would build the answer completely from the scratch...
Cheers, Kai