[Pdns-users] DNS RRL for PowerDNS

Mark Scholten mark at streamservice.nl
Thu Sep 13 12:01:39 UTC 2012


Hello Peter and Klaus,

Sent: 13 September, 2012 12:11 by Peter van Dijk:
> 
> On Sep 13, 2012, at 12:09 , Klaus Darilion wrote:
> 
> > Interesting.
> >
> > Is the hook executed before or after the caches?
> 
> The hook is executed after the caches, currently. I do not feel the current
> hook implementation is suitable for RRL production; I do think it's a great
> playground for writing rate limiting scripts. The exact placement of hooks
> would be based on suggestions and requests from those writing the scripts.

If you want to do rate limiting against being used in a DDoS you really want
to have it before any cache. The current location is good if you want to
protect your backend from getting too many requests it can't handle.
 
> > I am confused about the results in
> > http://mailman.powerdns.com/pipermail/pdns-dev/2012-June/001179.html It
> > seems that powerdns is slower without the LUA rate limiting script. What do I
> > miss here?
> 
> Not sure - perhaps Mark can clarify.

If the LUA rate limiting script is used the backend (MySQL in this test)
doesn't get the requests and doesn't have to answer them. Only the first 500
in result set #2 are answered, the other requests are dropped and never go
to the backend.

This is causing the performance drop as far as I can see.
 
> > Is there also a reliable filtering logic available as LUA script (e.g. similar to
> > the DNS RRL logic)?
> 
> 
> I'm not aware of any scripts outside of that thread.

Kind regards,

Mark Scholten
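
A toy model of the hook-placement point made in the message above, as an added example that is not part of the original message and not PowerDNS code. The `Server` class, the single counting window, the source address and the limit of 500 (echoing the figure in the test discussed above) are all constructed assumptions.

```python
from collections import defaultdict

LIMIT = 500  # constructed per-source limit, echoing the "first 500" figure above

class Server:
    """Toy authoritative server: a packet cache in front of a slow backend."""

    def __init__(self, hook_before_cache):
        self.hook_before_cache = hook_before_cache
        self.cache = {}
        self.seen = defaultdict(int)  # queries counted per source (one window)
        self.answers_sent = 0
        self.backend_hits = 0

    def allow(self, src):
        self.seen[src] += 1
        return self.seen[src] <= LIMIT

    def handle(self, src, qname):
        if self.hook_before_cache and not self.allow(src):
            return None  # dropped before the cache is consulted
        if qname not in self.cache:
            if not self.hook_before_cache and not self.allow(src):
                return None  # dropped after a cache miss: backend is spared
            self.backend_hits += 1
            self.cache[qname] = "answer for " + qname
        self.answers_sent += 1
        return self.cache[qname]

def simulate(hook_before_cache, repeated=2000, unique=2000, src="192.0.2.1"):
    """Return (answers_sent, backend_hits) for one constructed query stream."""
    server = Server(hook_before_cache)
    for _ in range(repeated):      # same name over and over: served from cache
        server.handle(src, "example.org")
    for i in range(unique):        # unique names: every query misses the cache
        server.handle(src, "r%d.example.org" % i)
    return server.answers_sent, server.backend_hits

if __name__ == "__main__":
    print("hook after cache :", simulate(False))
    print("hook before cache:", simulate(True))
```

With the hook after the cache, the repeated query is answered all 2000 times and only the backend is shielded; with the hook before the cache, total answers to that source stop at the limit.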



