[dnsdist] dynblock rules AND

Remi Gacogne remi.gacogne at powerdns.com
Mon Jun 3 13:02:30 UTC 2019


Hi Nico,

On 6/1/19 5:39 AM, Nico wrote:
> Hi!
> Small question about dynamic block rules
> there is no AND for rate limiting rules ?
> 
> its always OR
> 
> local dbr = dynBlockRulesGroup()
> dbr:setQTypeRate(dnsdist.ANY, 5, 10, "Exceeded ANY rate", 60)
> dbr:setResponseByteRate(10000, 10, "Exceeded resp BW rate", 60)
> 
> If I want to limit TXT byte rate for example....

There is indeed no way to combine rules for the dynamic blocking
feature. You should be able to do the kind of rate-limiting you have in
mind with regular rules, though.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190603/188279d5/attachment.sig>


More information about the dnsdist mailing list