[dnsdist] How to best handle DNS floods
aharen at outlook.com
Thu Mar 31 08:59:59 UTC 2022
I am in a situation where my dnsdist server is being flooded with random DNS queries like seen below:
These floods generate large SERVFAIL responses and I would like to minimize or best handle this.
On the cache config, I have enabled temporaryFailureTTL to 3600 and staleTTL to 3600.
And added the action "addAction(RCodeRule(DNSRCode.SERVFAIL), DropAction())" - although I am uncertain if this works as I think it would.
I do have another QPS rule, "addAction(MaxQPSIPRule(50), PoolAction("abuse"))", to redirect the flooders.
The only thing I can't do is apply any delay or drop action which would disrupt the user's legit queries.
Using Dynamic Rule is interesting, but it blocks queries once "exceedServFails" is exceeded and blocks legit queries for the /32 - which is disruptive.
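
The settings named in the post, laid out as one dnsdist configuration with query rules and response rules kept apart. This is an added example, not the poster's configuration: the listen and backend addresses (documentation ranges), the cache size, and the dynamic-block thresholds and Truncate action are assumptions.

```lua
-- Added example, not the poster's configuration. All addresses are constructed.
setLocal("192.0.2.53:53")

-- Default pool for normal traffic, plus the "abuse" pool named in the post.
newServer({address="192.0.2.10:53"})
newServer({address="192.0.2.20:53", pool="abuse"})

-- Packet cache with the two TTLs from the post.
--   temporaryFailureTTL: seconds a SERVFAIL or REFUSED from a backend is cached.
--   staleTTL: TTL placed on a stale entry that is served when no backend is
--             reachable; serving stale entries also needs setStaleCacheEntriesTTL().
local pc = newPacketCache(100000, {temporaryFailureTTL=3600, staleTTL=3600})
getPool(""):setCache(pc)
setStaleCacheEntriesTTL(3600)

-- Query rule from the post: a client above 50 qps is routed to the "abuse"
-- pool, so its queries are still answered but by a separate backend.
addAction(MaxQPSIPRule(50), PoolAction("abuse"))

-- RCodeRule matches the RCODE of the packet the rule is evaluated on.
-- addAction() rules are evaluated on incoming queries; addResponseAction()
-- rules are evaluated on responses from backends, which is where a SERVFAIL
-- answer appears. A dropped response leaves the client waiting for a timeout.
addResponseAction(RCodeRule(DNSRCode.SERVFAIL), DropResponseAction())
-- Answers served from the packet cache go through the cache-hit rules instead.
addCacheHitResponseAction(RCodeRule(DNSRCode.SERVFAIL), DropResponseAction())

-- Dynamic block on SERVFAIL rate, per client address.
-- Assumed thresholds: warn at 10/s, act at 20/s averaged over 10 s, for 60 s.
-- Assumed action: Truncate (TC=1) instead of Drop, so a blocked address can
-- still resolve by retrying over TCP.
local dbr = dynBlockRulesGroup()
dbr:setRCodeRate(DNSRCode.SERVFAIL, 20, 10, "Exceeded SERVFAIL rate", 60,
                 DNSAction.Truncate, 10)

-- dnsdist calls maintenance() about once per second; apply() evaluates the
-- rates and inserts or refreshes the dynamic blocks.
function maintenance()
  dbr:apply()
end
```

On a running instance, showRules(), showResponseRules() and showDynBlocks() on the console list per-rule match counts and the currently blocked addresses.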