[dnsdist] DnsDist Disable TCP

bert hubert bert.hubert at netherlabs.nl
Wed Sep 2 09:14:57 UTC 2015


On Wed, Sep 02, 2015 at 11:21:42AM +0300, Burak Ozalp wrote:
> addAction(MaxQPSIPRule(5), NoRecurseAction()) option, but it gets
> the following error;

This probably means you are not running the most current version of dnsdist.
Perhaps https://repo.powerdns.com/ might be helpful for you?

Good luck!

	Bert

> 
> Fatal error: [string "chunk"]:7: attempt to call global
> 'MaxQPSIPRule' (a nil value)
> 
> We tested for both cases(inside the blockfilter function and global
> call) it gives same error.
> 
> Thanks a lot
> 
> Best Regards
> Burak Ozalp
> 
> 
> Alinti bert hubert <bert.hubert at netherlabs.nl>
> 
> >On Wed, Sep 02, 2015 at 09:58:10AM +0300, Burak Ozalp wrote:
> >>I did pull and make a clean install. However, in new branch,
> >>dnsdist.1 file was removed.For that reason, i had the following
> >>error while make;
> >
> >Can you run ./populate? If this solves it I know what I need to do.
> >
> >>newServer{address="8.8.8.8", qps=5}
> >>Then i test with DNS flood attack, and i assumed that the max answer
> >>query per second is 5. Bu it wasn't. What is the main purpose of qps
> >>limit? Is it for forwarding queries?
> >
> >This is meant if you have multiple servers, and you want to restrict the qps
> >each server receives. However, once all servers are at the qps limit, it
> >will start broadcasting queries to all servers in round robin fashion again
> >so this is not what you want.
> >
> >What do you want? If you get >5 qps, drop everything above that and
> >disappoint your users? This will mostly increase the traffic even because of
> >retransmits.
> >
> >So what you could do is do:
> >
> >addQPSLimit("0.0.0.0/0", 5)
> >
> >And this gets you what you originally wanted, drop everything in excess of 5
> >qps.
> >
> >But you might be more interested in this:
> >
> >addAction(MaxQPSIPRule(5), NoRecurseAction())
> >
> >This strips the recursion desired bit from every query beyond 5 qps *per IP
> >address*. So this limits any individual IP to 5 qps of 'work' for your
> >resolver.
> >
> >Or try this:
> >
> >addDelay(MaxQPSIPRule(5), 1000)
> >
> >This delays questions by 1 second beyond 5qps.
> >
> >Perhaps this would work for you?
> >
> >	Bert
> >
> >
> >>"
> >>
> >>Thank you.
> >>
> >>Best Regards
> >>Burak Ozalp
> >>
> >>
> >>
> >>
> >>
> >>Alinti bert hubert <bert.hubert at netherlabs.nl>
> >>
> >>>On Tue, Sep 01, 2015 at 05:22:41PM +0300, Burak Ozalp wrote:
> >>>>Hi Bert,
> >>>>
> >>>>I tested wrongly the commit you did about disable-tcp, i got some
> >>>>compilation errors when i run make command with new 3 files.
> >>>
> >>>Can you git pull and try again? Thanks!
> >>>
> >>
> >>
> >>
> >>
> >
> 
> 
> 
> 
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/dnsdist
> 




More information about the dnsdist mailing list