[dnsdist] dnsdist Digest, Vol 65, Issue 11
SAMI RAHAL
Sami.Rahal at topnetpro.tn
Tue Feb 2 09:51:31 UTC 2021
Hello,
Can someone help me, please?
________________________________________
From: SAMI RAHAL
Sent: Saturday, 30 January 2021 19:11
To: dnsdist at mailman.powerdns.com
Subject: RE: dnsdist Digest, Vol 65, Issue 11
Thank you, Jacob, for your reply.
I want to know the normal response from a DNS resolver server in general (the value in ms).
Here is the setup:
-- listen for console connection with the given secret key
controlSocket("0.0.0.0")
addLocal('@IP-serverdnsdist:53',{doTCP=true, reusePort=true, tcpFastOpenSize=0})
setACL('@IP/24')
-- fix up possibly badly truncated answers from pdns 2.9.22
truncateTC(true)
warnlog(string.format("Script starting %s", "up!"))
newServer({name="unbound", address="@IP", qps=1000, order=1})
newServer({name="pdns-recursor", address="@IP", order=2})
--newServer({address="8.8.8.8", pool="abuse"})
-- set the TC-bit (truncate) on ANY queries received over UDP, forcing a retry over TCP.
addAction(AndRule({QTypeRule(dnsdist.ANY), TCPRule(false)}), TCAction())
-- DDos protection, block for 5 minutes. https://dnsdist.org/guides/dynblocks.html
local dbr = dynBlockRulesGroup()
dbr:setQueryRate(30, 10, "Exceeded query rate", 3000)
dbr:setRCodeRate(dnsdist.NXDOMAIN, 20, 10, "Exceeded NXD rate", 3000)
dbr:setRCodeRate(dnsdist.SERVFAIL, 20, 10, "Exceeded ServFail rate", 300)
dbr:setQTypeRate(dnsdist.ANY, 5, 10, "Exceeded ANY rate", 300)
dbr:setResponseByteRate(10000, 10, "Exceeded resp BW rate", 300)
-- send the queries for selected domain suffixes to the server
-- in the 'abuse' pool
addAction({"ezdns.it.", "xxx."}, PoolAction("abuse"))
-- send the queries from a selected subnet to the
-- abuse pool
addAction("192.168.1.0/24", PoolAction("abuse"))
-- send only queries from the selected subnet to
-- the luarule function
addLuaAction("192.168.1.0/24", luarule)
-- drop queries exceeding 5 qps, grouped by /24 for IPv4
-- and /64 for IPv6
addAction(MaxQPSIPRule(5, 24, 64), DropAction())
-- move the last rule to the first position
topRule()
-- drop queries for the following suffixes:
addAction("powerdns.org.", DropAction())
addAction("spectre.", DropAction())
-- called before we distribute a question
block=newDNSName("powerdns.org.")
truncateNMG = newNMG()
truncateNMG:addMask("213.244.0.0/16")
truncateNMG:addMask("2001:503:ba3e::2:30")
truncateNMG:addMask("fe80::/16")
print(string.format("Have %d entries in truncate NMG", truncateNMG:size()))
-- called to pick a downstream server, ignores 'up' status
counter=0
function luaroundrobin(servers, dq)
    counter=counter+1;
    return servers[1+(counter % #servers)]
end
-- based on the RD flag
function splitSetup(servers, dq)
    if(dq.dh:getRD() == false)
    then
        return firstAvailable.policy(getPoolServers("auth"), dq)
    else
        return firstAvailable.policy(servers, dq)
    end
end
-- setServerPolicyLua("splitSetup", splitSetup)
-- the 'maintenance' function is called every second
function maintenance()
    -- block all hosts that exceeded 20 qps over the past 10s,
    -- for 60s
    addDynBlocks(exceedQRate(20, 10), "Exceeded query rate", 60)
end
--addAction(AllRule(), LogAction("/var/log/dnsdist.log", false, true, false,true,true))
addAction(AllRule(), LogAction("/var/log/dnsdist.log", false, true, false))
I await your response and suggestion
Best regards
Kind regards,
Sami Rahal
Hosting Service
Technical & IS Department
TOPNET Head Office, Centre Urbain Nord
Tel.: 71185000
Mobile: 99 459 812
________________________________________
From: dnsdist <dnsdist-bounces at mailman.powerdns.com> on behalf of dnsdist-request at mailman.powerdns.com <dnsdist-request at mailman.powerdns.com>
Sent: Saturday, 30 January 2021 13:00
To: dnsdist at mailman.powerdns.com
Subject: dnsdist Digest, Vol 65, Issue 11
Today's Topics:
1. Average response latency (SAMI RAHAL)
2. Re: Average response latency (Jacob Bunk Nielsen)
----------------------------------------------------------------------
Message: 1
Date: Fri, 29 Jan 2021 16:41:57 +0000
From: SAMI RAHAL <Sami.Rahal at topnetpro.tn>
To: "dnsdist at mailman.powerdns.com" <dnsdist at mailman.powerdns.com>
Subject: [dnsdist] Average response latency
Message-ID: <1611938548715.44407 at topnetpro.tn>
Content-Type: text/plain; charset="iso-8859-1"
Hello,
Please, is the following result from my dnsdist server within standards? At the same time, I want to know the optimal response time of a DNS resolver server.
Average response latency: 69.79 msec
msec
0.10
0.20
0.40 :
0.80 **********************************************************************
1.60 ************************
3.20 :
6.40 .
12.80 *
25.60 :
51.20 *******************************************
102.40 **********************
204.80 **************
409.60 ************
819.20 **
1638.40 :
Kind regards,
Sami Rahal
Hosting Service
Technical & IS Department
TOPNET Head Office, Centre Urbain Nord
Tel.: 71185000
Mobile: 99 459 812
------------------------------
Message: 2
Date: Fri, 29 Jan 2021 20:37:51 +0100
From: Jacob Bunk Nielsen <jbn at one.com>
To: dnsdist at mailman.powerdns.com
Subject: Re: [dnsdist] Average response latency
Message-ID: <c36d5052-8ea7-3dbb-18a1-f97b01363dd5 at one.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 29/01/2021 17.41, SAMI RAHAL via dnsdist wrote:
> hello please is the following result from my dnsdist server within
> standards? and at the same time I want to know the optimal response
> time of a dns resolver server
What's your setup?
The ~1 ms response times are probably cached responses.
The ~50-500ms response times are probably from backends. You tell us if
that's reasonable for your setup?
Best regards,
Jacob
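Added example (not part of the original thread, and not dnsdist code): a small parser for the histogram posted in the first message, splitting it into the two modes described in the reply above. The bar lengths are rebuilt approximately from the post, and the 2 ms cache cutoff and the nominal weights for ':' and '.' are assumptions.

```python
import re

# Constructed sample: the histogram from the first message, rebuilt with the
# bar lengths as read from the post (approximate, not an exact copy).
BARS = [(0.10, ""), (0.20, ""), (0.40, ":"), (0.80, "*" * 70), (1.60, "*" * 24),
        (3.20, ":"), (6.40, "."), (12.80, "*"), (25.60, ":"), (51.20, "*" * 43),
        (102.40, "*" * 22), (204.80, "*" * 14), (409.60, "*" * 12),
        (819.20, "**"), (1638.40, ":")]
SAMPLE = "msec\n" + "\n".join(f"{ms:.2f} {bar}".rstrip() for ms, bar in BARS)

ROW = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([*:.]*)\s*$")


def parse_histogram(text):
    """Return [(bucket_upper_bound_ms, weight)] from a latency histogram.

    Assumption: bar length is proportional to the bucket's share of responses;
    a lone ':' or '.' marks a non-empty bucket too small for one '*', so it
    gets a small nominal weight (0.5 or 0.1) instead of being dropped.
    """
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header line such as "msec"
        bar = m.group(2)
        weight = float(bar.count("*")) or (0.5 if bar == ":" else 0.1 if bar == "." else 0.0)
        rows.append((float(m.group(1)), weight))
    return rows


def summarize(rows, cache_cutoff_ms=2.0):
    """Split responses into a fast (likely cached) mode and a slow mode."""
    total = sum(w for _, w in rows)
    fast = sum(w for ms, w in rows if ms <= cache_cutoff_ms)
    slow = [(ms, w) for ms, w in rows if ms > cache_cutoff_ms]
    slow_total = sum(w for _, w in slow)
    return {
        "fast_share": fast / total,
        # Upper-bound estimates: each response is counted at its bucket's limit.
        "mean_ms": sum(ms * w for ms, w in rows) / total,
        "slow_mean_ms": sum(ms * w for ms, w in slow) / slow_total,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_histogram(SAMPLE)).items():
        print(f"{key}: {value:.2f}")
```

On this sample about half of the responses fall in the sub-2 ms buckets, while the slow mode alone averages well over 100 ms, so the single average figure describes neither group.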
------------------------------
End of dnsdist Digest, Vol 65, Issue 11
***************************************