De Webmakers (Stephan) stephan at dewebmakers.nl
Mon Nov 8 12:03:47 UTC 2021


We recently experienced a DDoS on our nameservers.
We are now looking to (help) prevent this in the future, and since we are using PowerDNS we came across dnsdist.

We analyzed the DDoS requests and the requests came from different (probably spoofed) IPs.
For example x.y.z.1 and then x.y.z.2 etc.

The requested domain was the same every time with a different subdomain.
For example a.example.com and then b.example.com.

Would it be possible for dnsdist to limit requests per domain instead of per IP?
So if there are more than 10 requests for *.example.com in a second (or something), the requests for that entire domain (example.com) are dropped for 60 seconds (or more).

Thanks for the help in advance!
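The per-suffix limiting asked about above, as an added dnsdist configuration example; it is not part of the original post and not an example from the dnsdist project. It assumes dnsdist 1.4 or newer, that `example.com` stands in for the zone(s) you actually host, and that the `setSuffixMatchRule` visitor signature and the `StatNode`/`StatNodeStats` fields match the dnsdist documentation for your version (check them before deploying). Two variants are shown: a stateless one that only acts while the rate is exceeded, and a dynamic-block one that holds the block for a fixed time, which is closer to the "drop for 60 seconds" idea.

```lua
-- dnsdist.conf (Lua). Added example, not from the original post or the dnsdist project.
-- Assumed: dnsdist >= 1.4, zone name "example.com" is a placeholder for your own zones.

-- Variant 1: stateless. MaxQPSRule placed after the suffix rule inside an AndRule
-- only ever sees queries that already matched the suffix, so the limiter counts
-- per suffix rather than globally. Matching stops as soon as the rate drops again.
local protected = newSuffixMatchNode()
protected:add(newDNSName("example.com"))   -- one add() per zone you want to protect

-- TCAction() answers with TC=1 instead of staying silent: a real resolver retries
-- over TCP, which a sender of spoofed-source UDP packets cannot complete, so the
-- zone stays reachable for legitimate clients. Use DropAction() for silence instead.
addAction(AndRule({SuffixMatchNodeRule(protected), MaxQPSRule(10)}), TCAction())

-- Variant 2: stateful. Dynamic block rules are evaluated from the response ring
-- buffer once a second (from maintenance()) and a matching suffix is blocked for a
-- fixed time, regardless of source IP, which is what spoofed sources call for.
local dbr = dynBlockRulesGroup()

-- Visitor called for every node of the suffix tree built from recent responses.
-- `self` holds the counters (queries, nxdomains, servfails, ...) of this node
-- including everything below it; `children` holds the children's totals.
-- Parameter names and fields are assumed from the dnsdist docs for setSuffixMatchRule.
local function visitor(statnode, self, children)
  -- Only consider second-level names (example.com). Without this the root node,
  -- whose counter is the total of all queries, would trip the threshold itself.
  if statnode.labelsCount ~= 2 then
    return false
  end
  -- Window below is 10 s, so 100 queries per window is a 10 qps average.
  if self.queries > 100 then
    return true
  end
  return false
end

-- (window in seconds, reason shown in the block list, block duration in seconds,
--  action, visitor). DNSAction.Truncate keeps TCP working; DNSAction.Drop is silent.
dbr:setSuffixMatchRule(10, "Per-zone query flood", 60, DNSAction.Truncate, visitor)

-- dnsdist calls maintenance() every second if it is defined; apply() evaluates
-- the rules and installs or expires blocks.
function maintenance()
  dbr:apply()
end
```

Two caveats worth keeping in mind: a per-zone block is blunt, because a flood against one zone then takes that whole zone offline for everyone, not just the attacker, so prefer truncation over dropping where you can; and the dynamic-block variant counts responses, so queries already dropped by variant 1 will not show up in its window.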

