[dnsdist] Block Random queries

Federico Olivieri lvrfrc87 at gmail.com
Wed Jun 8 14:53:52 UTC 2016


Hi guys for both responses. I was thinking more something to u32 module on
iptables. Let me be clear: the only fix values are the length of the random
charters that is "8" and the mix letters/numbers. What I was trying to do
is something like:

If the first 8 characters are random
and there are more then 2 numbers
then block
else allow

Anyone can suggest me something for that?

Regards

Federico

2016-06-08 14:55 GMT+01:00 AleŇ° Rygl <ales at rygl.net>:

> Hi Frederico.
>
> It is imho almost impossible to block such queries. They are usually
> running at low rates per client per second but from many clients... I have
> already opened a feature request for a dynamic rule that would allow to
> insert rules based on dnsdist statistics of responses:
> https://github.com/PowerDNS/pdns/issues/3888
>
> In the mean time it could be done by an external script grabing
> topResponses from dnsdist, analyzing them ans install a rule.
>
> Regards
>
> Ales
>
>
>
> On Wed, 8 Jun 2016 13:53:37 +0100, Federico Olivieri wrote:
>
> Hi everybody,
> My server receives some random queries as xfz3421xc.domain.com,
> jh65jj3e.domain2.com
> Can someone suggests some LUA script to block these kind of random queries?
>
> Thanks
> Federico
>
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20160608/e8ba043e/attachment.html>


More information about the dnsdist mailing list