[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pdns-users
Subject:    Re: [Pdns-users] Throttling DNS requests in PowerDNS recursor
From:       Peter van Dijk <peter.van.dijk () netherlabs ! nl>
Date:       2014-06-30 6:31:03
Message-ID: 0527506B-8624-49AF-9B8D-58FB6144D75C () netherlabs ! nl
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Hello,

On 25 Jun 2014, at 18:26 , Aki Tuomi <cmouse@youzen.ext.b2.fi> wrote:

> On Wed, Jun 25, 2014 at 11:33:44AM -0400, Edwin wrote:
> > I was wondering if it is possible to throttle/rate-limit DNS
> > requests that are incoming to a PowerDNS recursing server, without
> > having to rely on IPtables. A little of context, we are getting
> > thousands of requests per second to our resolvers from some (a
> > handful) IP addresses, and we wish to proactively throttle requests
> > when the query rate exceeds a certain threshold, in order to avoid
> > the abuse of our servers.
> 
> The 3.6.0 version combined with a particular LUA script will achieve this. See
> http://mailman.powerdns.com/pipermail/pdns-dev/2014-June/001452.html
> 
> And 
> https://github.com/Habbie/pdns/blob/luapolicy/pdns/policy-example-rrl.lua

That script is for the upcoming auth release. The Lua interface in the Recursor has \
different hooks (but porting scripts is doable). That specific script will do no good \
for your Recursor issues, however.

This may interest you: \
http://blog.powerdns.com/2014/04/03/further-dos-guidance-packages-and-patches-available/


Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/


["signature.asc" (signature.asc)]

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTsQQnAAoJENz1E/p+7RnzvksQAOKrf+EWvD2aECEGwWiSfHeT
tkRNUHtJQq9DmXRWF94qrqmThlSlh/ES+f9gVUP28LsJnZlJ3djHbmU69fQox+BR
ZY1/kfaDlZPBnpOjcMO6wyNk4FFBHu8Eoh7XfjnsqUJiISmTawGA0gzIIUynIGpK
AoBLHemXBVrXr1h2H/YAPhGyWo2xGy6sbzvJ/HhqVLFdzafhAPmx0wks9SJ5PHZ5
+nhy5CA8lsDobEm68AzUkN1m38VHpiRqCzD8My/5wc64Spx4D+SeHflimkwblBpj
MPttGr3p2N0Dytzo2OB8ZXiQ0JXsZ/TeiIlhIHGvIkfISTY8sJpIh8803CARGqVZ
iDdYgNNyNojF9KwiISD0HCD3B7BaZ36KaAbWShXFcWfcQnEWeCNRH2TiPHZHTjGE
s35yvDn05K9O9u/kg4e6hzsOSUUVO19Wi3EtVE54d5LvG5wQugInTmh8d+VOfGwu
YprpT+eg1z/l9zJOfiZgFMcaQUA65qBAhADm6GsejKktVyPg9lIZk2/Mn3RRVK8/
+N80bANzh35ZppRWKfDoiimR7EbYnZeKj/1cfrwIrkoFQlwDjEyXRxowB/mDGUwo
m1UfTNe9NHIKq7+KQR75ge/ZsLtlrw3ZMPNhz3yaipKKSRNCTf2Sgd0Be/oqwbBh
zezhePozikM04GONkyrs
=f2+h
-----END PGP SIGNATURE-----


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


[prev in list] [next in list] [prev in thread] [next in thread]