[dnsdist] Number of Actions
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Apr 15 19:45:41 UTC 2019
Hello Bert!
Am 15.04.2019 um 21:23 schrieb bert hubert:
> On Mon, Apr 15, 2019 at 08:39:30PM +0200, Klaus Darilion wrote:
>> Hello!
>>
>> Is there a max number of actions, before there might be performance
>> problems?
>
> Yes. The design goal is not to have hundreds of rules, but to have fewer,
> more powerful rules.
>
> For example, in your case, you can do:
> addAction({"lots", "of", "domains"}, DropAction())
>
> This is then fast, much faster than three separate rules.
>
> You can also create a SuffixMatchNode and fill it programatically and then
> use a SuffixMatchNodeRule(smn) on it.
>
> Finally for your case, which I spotted on another list, you may want to look
> at https://dnsdist.org/guides/dynblocks.html which can be a lot of fun.
Do you have an example? The examples on the page you referenced do not
deal with query-domains. Filtering based on response code does not help
as the request already hit the authoritative server. Filtering on client
IP would also filter good queries coming from this client.
Thanks
Klaus
More information about the dnsdist
mailing list