<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">Ooops.. managed to do a direct reply, instead of to the ML, but Remi beat me to it:</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><br class="">
</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">I don’t think the full time has to elapse before it’s evaluated, as long as your QPS is guaranteed to exceed the limit within the given timeframe.</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><br class="">
</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">So e.g. if you allow 1 RPS per 10 second, doing 11RPS in the first second, should still trigger the block (after all the 11/10 is above 1).</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><br class="">
</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">At least that’s how I’d expect it to work. The average for the time has to be exceeded. So a flood should often trigger quicker than the full elapsed time.</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><br class="">
</div>
<div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">Would be so nice if reply-to was set to the ML email 😅</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 24 Feb 2022, at 00:20, Willis, Michael via dnsdist <<a href="mailto:dnsdist@mailman.powerdns.com" class="">dnsdist@mailman.powerdns.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
Hello Remi,</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<br class="">
</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
Thank you for the quick response!</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
I had really just set the "ANY" trigger really low so that it would invoke, and I could verify that the rules were applying.</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">If I update it with the dbr rule you provided, it does indeed create a block after the first request. (yay).</span><br class="">
</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><br class="">
</span></div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">I changed the to rule to:</span></div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">dbr:setQTypeRate(DNSQType.ANY, 1, 10, "Exceeded ANY rate", 600)<br class="">
</span></div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
After testing It looks like the entire 10 seconds needed to elapse before the rule is evaluated.</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
I was not expecting this logic, and that was tripping me up. I was thinking that the rules were not applying at all.</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">I definitely want to enable sensible rules for an auth server with 2500 zones and an average of 14k'ish QPS.</span><br class="">
</div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><br class="">
</span></div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">Thank you very much for your time!</span></div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><br class="">
</span></div>
<div style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class="">-Mike Willis </span><br class="">
</div>
<div id="appendonsend" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
</div>
<hr tabindex="-1" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; display: inline-block; width: 834.953125px;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class=""></span>
<div id="divRplyFwdMsg" dir="ltr" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<font face="Calibri, sans-serif" style="font-size: 11pt;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>dnsdist <<a href="mailto:dnsdist-bounces@mailman.powerdns.com" class="">dnsdist-bounces@mailman.powerdns.com</a>> on behalf of
Remi Gacogne via dnsdist <<a href="mailto:dnsdist@mailman.powerdns.com" class="">dnsdist@mailman.powerdns.com</a>><br class="">
<b class="">Sent:</b><span class="Apple-converted-space"> </span>Wednesday, February 23, 2022 10:59 AM<br class="">
<b class="">To:</b><span class="Apple-converted-space"> </span><a href="mailto:dnsdist@mailman.powerdns.com" class="">dnsdist@mailman.powerdns.com</a> <<a href="mailto:dnsdist@mailman.powerdns.com" class="">dnsdist@mailman.powerdns.com</a>><br class="">
<b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [dnsdist] How to apply dynamic rules with pools?</font>
<div class=""> </div>
</div>
<div class="BodyFragment" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<font size="2" class=""><span style="font-size: 11pt;" class="">
<div class="PlainText">Hi Mike,<br class="">
<br class="">
On 23/02/2022 16:49, Willis, Michael via dnsdist wrote:<br class="">
> I have intentionally set the trigger for "ANY" to 1 ever 100 seconds, so<span class="Apple-converted-space"> </span><br class="">
> it will trigger and stay triggered.<br class="">
> This is so I can verify the correct rule is applying.<br class="">
<br class="">
> dbr:setQTypeRate(DNSQType.ANY, 1, 100, "Exceeded ANY rate", 600)<br class="">
<br class="">
This rule is saying "block, for 600 seconds, clients that have been<span class="Apple-converted-space"> </span><br class="">
sending more than one ANY query per second over the last 100 seconds",<span class="Apple-converted-space"> </span><br class="">
so one query is not going to be enough to trigger the block.<br class="">
<br class="">
You could try this one instead:<br class="">
<br class="">
dbr:setQTypeRate(DNSQType.ANY, 0, 1, "Exceeded ANY rate", 600)<br class="">
<br class="">
This will block any client that has been sending more than 0 ANY query<span class="Apple-converted-space"> </span><br class="">
per second over the last second. In my test this results in getting<span class="Apple-converted-space"> </span><br class="">
blocked right away after sending your first ANY query. I'm not sure I<span class="Apple-converted-space"> </span><br class="">
would recommend such a drastic rule, but that's a different matter :)<br class="">
<br class="">
Hope that helps,<br class="">
--<span class="Apple-converted-space"> </span><br class="">
Remi Gacogne<br class="">
<a href="http://PowerDNS.COM" class="">PowerDNS.COM</a> BV -<span class="Apple-converted-space"> </span><a href="https://www.powerdns.com/" class="">https://www.powerdns.com/</a><br class="">
</div>
</span></font></div>
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">_______________________________________________</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">dnsdist
mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class=""><a href="mailto:dnsdist@mailman.powerdns.com" class="">dnsdist@mailman.powerdns.com</a></span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class=""><a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist" class="">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a></span></div>
</blockquote>
</div>
<br class="">
</body>
</html>