[dnsdist] Query current config of dynBlockRulesGroup
Remi Gacogne
remi.gacogne at powerdns.com
Thu Aug 24 09:58:39 UTC 2023
Hi,
On 24/08/2023 11:47, Ben Kaplan via dnsdist wrote:
> 1. We're searching for how to query the current values of
> dynBlockRulesGroup (using ebpf) via the console.
> Once the rule kicks in we can see the IP blocked and the warning
> message when running "showDynBlocks()".
> However, we can't find any way to query for the actual values and
> rules configured in "function maintenance()".
The dynBlockRulesGroup class has a 'toString' method which describes the
current configuration [1]. So if you have declared it with, for example:
    dbr = dynBlockRulesGroup()
    dbr:setRCodeRate(DNSRCode.NXDOMAIN, 5, 5, "Exceeded NXD rate", 60)
you can later retrieve the current configuration via:
    > dbr:toString()
    Query rate rule:
    Response rate rule:
    SuffixMatch rule:
    RCode rules:
    - Non-Existent domain: Apply the global DynBlock action for 60 seconds when over 5 during the last 5 seconds, reason: 'Exceeded NXD rate'
    QType rules:
    Excluded Subnets:
    Excluded Domains:
> 2. When running "addDynBlocks(addresses, message[, seconds=10[,
> action]])" from the console when dnsdist already has the same rule
> configured, will this create a second rule or modify the value of
> the existing rule?
Modify, unless the existing rule was still valid for a longer time than
the one you are trying to insert.
[1]: https://dnsdist.org/reference/config.html#DynBlockRulesGroup:toString
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
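
A fuller dnsdist configuration around the two lines quoted in the reply, added here as an illustration and not taken from the original message. The thresholds, reasons and the excluded range are constructed values; the group is declared as a global so that the console can reach it.

```lua
-- Constructed example values throughout; tune thresholds to your own traffic.

-- Must be a global (no 'local'): the console evaluates input in the same
-- Lua state as the configuration, but cannot see chunk-local variables.
dbr = dynBlockRulesGroup()

-- Action used by rules that do not name one ("the global DynBlock action"
-- in the toString() output).
setDynBlocksAction(DNSAction.Drop)

-- setQueryRate(rate, seconds, reason, blockingTime[, action[, warningRate]])
-- Log a warning above 50 qps, block for 60 s above 100 qps over 10 s.
dbr:setQueryRate(100, 10, "Exceeded query rate", 60, DNSAction.Drop, 50)

-- setRCodeRate(rcode, rate, seconds, reason, blockingTime[, action[, warningRate]])
dbr:setRCodeRate(DNSRCode.NXDOMAIN, 5, 5, "Exceeded NXD rate", 60)
dbr:setRCodeRate(DNSRCode.SERVFAIL, 20, 10, "Exceeded ServFail rate", 60)

-- Never block the monitoring range (documentation prefix, assumed).
dbr:excludeRange("192.0.2.0/24")

-- dnsdist calls maintenance() about once per second; apply() evaluates
-- the rules against recent traffic and inserts the dynamic blocks.
function maintenance()
  dbr:apply()
end
```

With this loaded, `dbr:toString()` on the console lists each rule with its threshold, window, duration and reason, while `showDynBlocks()` lists the addresses currently blocked.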