[dnsdist] DelayAction with dnsdist 1.4.0-rc1

Brian Sullivan brian.sullivan at lookout.com
Fri Aug 16 13:41:28 UTC 2019


Hi Remi,

Thanks for your insight ...

Regards,
brian

On Fri, Aug 16, 2019 at 9:29 AM Remi Gacogne <remi.gacogne at powerdns.com>
wrote:

>
> On 8/16/19 3:04 PM, Brian Sullivan wrote:
> > Yes my bad ... I missed that.  Just a thought, next time the
> > documentation is updated, Section 5.1.1 Examples and Section 15.6 Rules
> > for traffic exceeding QPS limits could both use a note that it is UDP
> > only. Since it is such a simple action, I didn't even look at the
> > reference.
>
> Yeah, it's on us, sorry about that.
> I see Frank has already opened a pull request to fix that, thanks a lot!
>
> > What do you think of this alternative, I could use the same MaxQPSIPRule
> > rule and tag the query and pass it along to the recursor. In a lua
> > script I could check the tag and add a delay. I need to read up on it ..
> > but I am assuming the lua processing is multithreaded? I could also add
> > a second MaxQPSIPRule with a higher qps value and add a DropAction to
> > protect the recursor.
>
> Hmm, no, you can't block in a Lua script. That wouldn't be too bad in
> 1.3.x for TCP connections, since a thread only handled one connection at
> a time, but in 1.4.0 a single thread can handle a lot of TCP
> connections at once so we can't afford to block there.
> It's a bit more complicated in the recursor but basically you can't
> block there either.
>
> I'm afraid I don't really have a solution to offer if you want to delay
> the response over TCP, sorry :-/ We should probably fix that since I
> assume that people might want to delay over DoT or DoH too.
>
> Best,
> --
> Remi Gacogne
> PowerDNS BV - https://www.powerdns.com/


-- 



Brian M. Sullivan
Senior Staff Security Intelligence Engineer
bsullivan at lookout.com |  www.lookout.com
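
The layered rate limiting discussed in this thread, as an added dnsdist configuration example that is not part of the original messages: because DelayAction only affects UDP, the delay rule is restricted to UDP queries, and a second MaxQPSIPRule with a higher limit drops excess traffic on any transport. The QPS limits and the delay value are constructed placeholders.

```lua
-- Added example, not from the thread. The limits (5 and 50 qps) and the
-- 100 ms delay are placeholder values to be tuned for the deployment.

-- Hard ceiling: a client IP exceeding 50 qps has its queries dropped,
-- whether they arrive over UDP or TCP. This is the "second MaxQPSIPRule
-- with a higher qps value" that protects the recursor behind dnsdist.
addAction(MaxQPSIPRule(50), DropAction())

-- Soft limit: a client IP exceeding 5 qps over UDP has its responses
-- delayed by 100 ms. DelayAction is UDP-only, so TCPRule(false) limits
-- the rule to UDP queries and makes it explicit that TCP clients are
-- never delayed; they are only subject to the hard ceiling above.
addAction(AndRule({TCPRule(false), MaxQPSIPRule(5)}), DelayAction(100))
```

Each MaxQPSIPRule instance keeps its own per-client counters, so the two limits are tracked independently.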