[dnsdist] dynamic QPS limiting per domain in dnsdist
Bart Mortelmans
pdns-users at bart.bim.be
Wed Mar 15 15:49:53 UTC 2017
Dear,
I've been testing dnsdist to use it in front of an authoritative
nameserver. We recently had trouble with large amounts of requests
coming in directly on our PowerDNS for random subdomains of one specific
domain name. With dnsdist, if I notice such a situation, I can manually
limit the harm done to other domain names with something like
addQPSLimit("example.org.", 1000)
But what would be even nicer, is if this action would happen
automatically once a domain name has gone over a certain amount of QPS.
And I can't seem to find a way to do this. From what I can find, Dynamic
Rule Generation doesn't have a way to check QPS per domain name.
There is an easy way to add a QPS per server or per originating
IP-range, but I can't seem to find a way to limit the QPS automatically
on a per domain name basis.
I understand that this is actually not as easy to do as it sounds, since
some domain names are registered on the 3d level. But right now I would
be happy with a way of working similar to
topQueries(50,2)
Yes, that does mean that the whole of .co.uk will need to fit into the
same QPS.
Is this possible?
Thanks!
Sincerely,
Bart Mortelmans
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20170315/326c2d64/attachment.html>
More information about the dnsdist
mailing list