[dnsdist] Rate Limiting Against DDOS

Aleš Rygl ales at rygl.net
Thu Jan 14 15:40:41 UTC 2016 

Hi Alejandro,

I am using a tiny dnsdist setup (so far) together with keepalived on two boxes. There are following servers configured:

newServer({address="93.153.116.35:53", name="rzt-entdns3", qps=1000, order=1, weight=1, retries=5, tcpSendTimeout=30, tcpRecvTimeout=30})
newServer({address="127.0.0.1:53", name="rzt-entdns2", qps=1000, order=1, weight=1, retries=5, tcpSendTimeout=30, tcpRecvTimeout=30})
setServerPolicy(wrandom)
controlSocket("127.0.0.1") 
addLocal("93.153.116.33:53")

dnsdist listens on 93.153.116.33 (VIP) and distributes queries to 127.0.0.1 (local recursor) and renote one at 93.153.116.35.
Using keepalived collocated with an recursor can migrate VIP and play with the servers without an impact and have just two boxes. No rocket science, just works.

Ales



On Thursday 14 of January 2016 15:24:26 Alejandro Adroher Mellado wrote:
> I am able to make work dnsdist and recursors only when they are placed on
> different servers, when I do that on the same server as I want (can someone
> tell me if it's a good practice?), I cannot reach to LISTEN udp on port 53
> ....
> 
> -----Original Message-----
> From: dnsdist-bounces at mailman.powerdns.com
> [mailto:dnsdist-bounces at mailman.powerdns.com] On Behalf Of Pieter Lexis
> Sent: jueves, 14 de enero de 2016 16:05
> To: dnsdist at mailman.powerdns.com
> Subject: Re: [dnsdist] Rate Limiting Against DDOS
> 
> Hi Alejandro,
> 
> On Thu, 14 Jan 2016 15:01:28 +0000
> 
> Alejandro Adroher Mellado <alejandro.adroher at omniaccess.com> wrote:
> > (on documentation is placed on /etc/dnsdist.conf but on my recent
> > installed dnsdist it's placed on /etc/init/dnsdist.conf)
> 
> The correct location (when using a package) is /etc/dnsdist/dnsdist.conf.
> The /etc/init/dnsdist.conf is for the upstart init-system.
> 
> --
> Pieter Lexis
> PowerDNS.COM BV -- https://www.powerdns.com
> 
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/dnsdist
> 
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/dnsdist

More information about the dnsdist mailing list