[dnsdist] dynamic QPS limiting per domain in dnsdist

Bart Mortelmans pdns-users at bart.bim.be
Wed Mar 15 15:49:53 UTC 2017


I've been testing dnsdist to use it in front of an authoritative 
nameserver. We recently had trouble with large amounts of requests 
coming in directly on our PowerDNS for random subdomains of one specific 
domain name. With dnsdist, if I notice such a situation, I can manually 
limit the harm done to other domain names with something like

addQPSLimit("example.org.", 1000)

But what would be even nicer, is if this action would happen 
automatically once a domain name has gone over a certain amount of QPS. 
And I can't seem to find a way to do this. From what I can find, Dynamic 
Rule Generation doesn't have a way to check QPS per domain name.

There is an easy way to add a QPS per server or per originating 
IP-range, but I can't seem to find a way to limit the QPS automatically 
on a per domain name basis.

I understand that this is actually not as easy to do as it sounds, since 
some domain names are registered on the 3d level. But right now I would 
be happy with a way of working similar to

Yes, that does mean that the whole of .co.uk will need to fit into the 
same QPS.

Is this possible?


Bart Mortelmans

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20170315/326c2d64/attachment.html>

More information about the dnsdist mailing list