[dnsdist] DnsDist Disable TCP
bert hubert
bert.hubert at netherlabs.nl
Wed Sep 2 12:59:38 UTC 2015
On Wed, Sep 02, 2015 at 03:52:11PM +0300, Burak Ozalp wrote:
> Our problem is that we don't know the source address. Our aim is the
> defence against DDos Attacks, we should limit for all different
> IP's. As a result, when an attacker attacks our server, we need to
> not drop innocent requests.
Ok, then do:
addAction(MaxQPSIPRule(5), DropAction())
On the latest packages. Limits each individual IP to 5 QPS, drops beyond
that.
Bert
>
> Best Regards
> Burak Ozalp
>
> Alinti bert hubert <bert.hubert at netherlabs.nl>
>
> >On Wed, Sep 02, 2015 at 02:31:33PM +0300, Burak Ozalp wrote:
> >>Hi Bert;
> >>
> >>AddQPS is the best option for us. Is it possible to apply
> >>addQPSLimit for individual IP's ?
> >
> >Yes, as outlined in the documentation ->
> >https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#per-domain-or-subnet-qps-limiting
> >
> >You can add as many subnets as you want, or individual IPs etc.
> >
> >Good luck!
> >
> > Bert
> >
> >>
> >>Best Regards
> >>Burak Ozalp
> >>
> >>Alinti bert hubert <bert.hubert at netherlabs.nl>
> >>
> >>>On Wed, Sep 02, 2015 at 02:08:38PM +0300, Burak Ozalp wrote:
> >>>>With the current version of RPM i get no error. However,
> >>>>addAction(MaxQPSIPRule(5), NoRecurseAction()) , didn't do its job.
> >>>>Should we use both addQPSLimit and addAction together for limiting
> >>>>indivual IP to 5 qps?
> >>>
> >>>No, addQPSLimit alone is fine. The addAction is only if you
> >>want to drop the
> >>>RD-bit for traffic that exceeds the QPS limit.
> >>>
> >>> Bert
> >>>
> >>
> >>
> >>
> >>
> >>_______________________________________________
> >>dnsdist mailing list
> >>dnsdist at mailman.powerdns.com
> >>http://mailman.powerdns.com/mailman/listinfo/dnsdist
> >>
> >
>
>
>
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/dnsdist
>
More information about the dnsdist
mailing list