[dnsdist] DelayAction with dnsdist 1.4.0-rc1

Remi Gacogne remi.gacogne at powerdns.com
Fri Aug 16 13:29:16 UTC 2019


On 8/16/19 3:04 PM, Brian Sullivan wrote:
> Yes my bad ... I missed that.  Just a thought, next time the
> documentation is updated, Section 5.1.1 Examples and Section 15.6 Rules
> for traffic exceeding QPS limits could both use a note that it is UDP
> only. Since it is such a simple action, I didn't even look at the
> reference. 

Yeah, it's on us, sorry about that.
I see Frank has already opened a pull request to fix that, thanks a lot!

> What do you think of this alternative, I could use the same MaxQPSIPRule
> rule and tag the query and pass it along to the recursor. In a lua
> script I could check the tag and add a delay. I need to read up on it ..
> but I am assuming the lua processing is multithreaded? I could also add
> a second MaxQPSIPRule with a higher qps value and add a DropAction to
> protect the recursor. 

Hmm, no, you can't block in a Lua script. That wouldn't be too bad in
1.3.x for TCP connections, since a thread only handled one connection at
a time, but in 1.4.0 a single thread can handle a lot of TCP
connnections at once so we can't afford to block there.
It's a bit more complicated in the recursor but basically you can't
block there either.

I'm afraid I don't really have a solution to offer if you want to delay
the response over TCP, sorry :-/ We should probably fix that since I
assume that people might want to delay over DoT or DoH too.

Best,
-- 
Remi Gacogne
PowerDNS BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190816/3f1254d5/attachment.sig>


More information about the dnsdist mailing list