[dnsdist] dnsdist 1.8, change of behavior for dynamic blocks

Remi Gacogne remi.gacogne at powerdns.com
Thu May 11 09:58:14 UTC 2023


Hi Jacob,

On 14/04/2023 08:25, Jacob Bunk Nielsen via dnsdist wrote:
> Just a heads up, we run an auth DNS service and I noticed after we 
> upgraded to dnsdist 1.8 that we have started blocking a lot more based 
> on a dynamic block rule defined as:
> 
> dbr:setRCodeRate(DNSRCode.REFUSED, N, X, 'Exceeded REFUSED response 
> rate', Y)
> 
> This is what the metrics look like from around the upgrade time: 
> https://allg.one/bvLn - I suspect that the rule above have now started 
> working as intended.

Thanks a lot for the heads-up! I don't remember any recent change in the 
related code, so I'm a bit surprised. Just to be sure, was dnsdist 
upgraded from 1.7.x? I'm asking because I remember fixing an issue that 
could be related in 1.6, but that doesn't match if you upgraded from 
1.7.x, of course.

Cheers,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20230511/0ad2dfaa/attachment.sig>


More information about the dnsdist mailing list