[dnsdist] DnsDist Disable TCP

Burak Ozalp burak.ozalp at metu.edu.tr
Wed Sep 2 12:52:11 UTC 2015


Hi Bert;

Our problem is that we don't know the source address. Our aim is the  
defence against DDos Attacks, we should limit for all different IP's.  
As a result, when an attacker attacks our server, we need to not drop  
innocent requests.

Best Regards
Burak Ozalp

Alinti bert hubert <bert.hubert at netherlabs.nl>

> On Wed, Sep 02, 2015 at 02:31:33PM +0300, Burak Ozalp wrote:
>> Hi Bert;
>>
>> AddQPS is the best option for us. Is it possible to apply
>> addQPSLimit for individual IP's ?
>
> Yes, as outlined in the documentation ->
> https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#per-domain-or-subnet-qps-limiting
>
> You can add as many subnets as you want, or individual IPs etc.
>
> Good luck!
>
> 	Bert
>
>>
>> Best Regards
>> Burak Ozalp
>>
>> Alinti bert hubert <bert.hubert at netherlabs.nl>
>>
>> >On Wed, Sep 02, 2015 at 02:08:38PM +0300, Burak Ozalp wrote:
>> >>With the current version of RPM i get no error. However,
>> >>addAction(MaxQPSIPRule(5), NoRecurseAction()) , didn't do its job.
>> >>Should we use both addQPSLimit and addAction together for limiting
>> >>indivual IP to 5 qps?
>> >
>> >No, addQPSLimit alone is fine. The addAction is only if you want  
>> to drop the
>> >RD-bit for traffic that exceeds the QPS limit.
>> >
>> >	Bert
>> >
>>
>>
>>
>>
>> _______________________________________________
>> dnsdist mailing list
>> dnsdist at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/dnsdist
>>
>







More information about the dnsdist mailing list