List: openbsd-misc
Subject: Re: limit UDP connection rate with PF pass rule
From: Stuart Henderson <stu () spacehopper ! org>
Date: 2020-11-21 15:02:53
Message-ID: slrnrrib0t.9vl.stu () naiad ! spacehopper ! org
On 2020-11-18, mabi <mabi@protonmail.ch> wrote:
> > The DNS RRL techniques typically still reply to a proportion of queries
> > (either directly with the answer, or with a "retry over TCP" response
> > code) reducing impact if the source IP is also used by real queries as
> > well as the attack traffic.
>
> I've been looking into that in the past and as I am using PowerDNS 4.0.3
> the only valid config parameters I could find and which I already have in
> place are the following:
> overload-queue-length=1
> max-tcp-connections=5
>
> There is as far as I know no such parameter as "max-udp-connections".
>
>
From what I can tell PowerDNS authoritative server doesn't handle
this directly but you can implement it by front-ending with dnsdist.
That isn't OpenBSD-specific so you are better asking on their mailing
lists if you need help with this.
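
An added illustration of the response-rate-limiting behaviour described in the quoted text above (not part of the original message, and not PowerDNS or dnsdist code): a per-prefix limiter that, once a source is over the limit, sends a truncated "retry over TCP" reply for every second query and drops the rest. The rate, slip value, prefix lengths and sample addresses are assumptions chosen for the example.

```python
import ipaddress
from collections import Counter


class ResponseRateLimiter:
    """Fixed one-second window per source prefix, with a 'slip' for over-limit queries."""

    def __init__(self, rate=5, slip=2, v4_prefix=24, v6_prefix=56):
        self.rate = rate              # full answers allowed per prefix per second (assumed)
        self.slip = slip              # every slip-th over-limit query gets a truncated reply
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.state = {}               # network -> (window, queries seen in that window)

    def _bucket(self, src):
        # Account per network rather than per address, so a flood spread
        # across neighbouring spoofed addresses shares one budget.
        addr = ipaddress.ip_address(src)
        return ipaddress.ip_network(f"{src}/{self.prefix[addr.version]}", strict=False)

    def decide(self, src, now):
        """Return 'answer', 'truncate' (TC=1, client retries over TCP) or 'drop'."""
        key = self._bucket(src)
        window = int(now)
        seen_window, count = self.state.get(key, (window, 0))
        if seen_window != window:     # a new second has started: reset the counter
            count = 0
        count += 1
        self.state[key] = (window, count)
        if count <= self.rate:
            return "answer"
        over = count - self.rate
        return "truncate" if over % self.slip == 0 else "drop"


def flood_tally(limiter, src="198.51.100.7", queries=20):
    """Constructed sample: `queries` UDP queries from one source, all within second 0."""
    return Counter(limiter.decide(src, i / queries) for i in range(queries))


if __name__ == "__main__":
    rrl = ResponseRateLimiter()
    print(dict(flood_tally(rrl)))               # outcome of the flood itself
    print(rrl.decide("198.51.100.7", 0.99))     # real query from the spoofed address
    print(rrl.decide("203.0.113.9", 0.99))      # unrelated client is unaffected
```

A truncated reply is no larger than the query, so it gives no amplification, while a real resolver behind the limited address can still get its answer by retrying over TCP.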