
List:       pdns-users
Subject:    Re: [Pdns-users] Rate Limiting Against DDOS
From:       bert hubert <bert.hubert () powerdns ! com>
Date:       2016-01-14 9:00:40
Message-ID: 20160114090039.GA17459 () xs ! powerdns ! com

On Thu, Jan 14, 2016 at 08:45:29AM +0000, Alejandro Adroher Mellado wrote:
> Morning Everyone!!

GOOD MORNING!

> I'm trying to rate limit the number of queries per second allowed on my DNS recursor, using iptables.
> I'm using a modified script that works perfectly, but I'm limited for one of the settings.

Unless you are seeing hundreds of thousands of queries per second, dnsdist
might be a better choice for you, http://dnsdist.org/

It has a bunch of simple settings that probably do just what you want.

See for example:
https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#per-domain-or-subnet-qps-limiting

But dnsdist offers way more than that to help you. You might for example
delay some answers, or strip the RD bit so your servers don't need to do any
work for certain subnets etc.

> How do you rate limit your DNS servers?

With dnsdist. Feel free to join us on the dnsdist mailing list
(http://mailman.powerdns.com/mailman/listinfo/dnsdist) and let's see if we
can make a nice config for you.

	Bert
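
The three dnsdist features mentioned in the reply above (per-subnet QPS limiting, delaying answers, stripping the RD bit), sketched as a dnsdist configuration. This is an added example, not part of the original message and not a config from the PowerDNS project; the listen and backend addresses, the subnets and every threshold are assumptions, and the rule and action names are those of current dnsdist releases rather than the 2016 README.

```lua
-- dnsdist.conf (Lua). Added example; addresses are documentation ranges
-- and all numbers are constructed values to be tuned against real traffic.

setLocal("192.0.2.53:53")               -- assumed address clients query
newServer({address="127.0.0.1:5300"})   -- assumed: the recursor, moved behind dnsdist

-- Only the networks this resolver is meant to serve may send queries.
setACL({"192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"})

-- 1. Per-source QPS limit. The rule matches once a source exceeds
--    20 queries/second; sources are grouped per IPv4 /32 and per IPv6 /64,
--    so one host cannot dodge the limit by rotating addresses inside its /64.
addAction(MaxQPSIPRule(20, 32, 64), DropAction())

-- 2. Delay answers for a subnet that generates abusive load instead of
--    dropping it outright. DelayAction takes milliseconds and applies to UDP.
local noisy = newNMG()
noisy:addMask("198.51.100.128/25")      -- hypothetical noisy subnet
addAction(NetmaskGroupRule(noisy), DelayAction(200))

-- 3. Strip the RD bit for a subnet so the backend does no recursion work
--    for it. (Named NoRecurseAction in dnsdist releases before 1.6.)
local cacheOnly = newNMG()
cacheOnly:addMask("192.0.2.192/26")     -- hypothetical subnet
addAction(NetmaskGroupRule(cacheOnly), SetNoRecurseAction())
```

Rules are evaluated in the order they are added. DropAction ends processing for a matching query, while the delay and RD-stripping actions let the query continue to later rules and on to the backend.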
