[dnsdist] dnsdist 1.8, change of behavior for dynamic blocks
Remi Gacogne
remi.gacogne at powerdns.com
Thu May 11 09:58:14 UTC 2023
Hi Jacob,
On 14/04/2023 08:25, Jacob Bunk Nielsen via dnsdist wrote:
> Just a heads up, we run an auth DNS service and I noticed after we
> upgraded to dnsdist 1.8 that we have started blocking a lot more based
> on a dynamic block rule defined as:
>
> dbr:setRCodeRate(DNSRCode.REFUSED, N, X, 'Exceeded REFUSED response
> rate', Y)
>
> This is what the metrics look like from around the upgrade time:
> https://allg.one/bvLn - I suspect that the rule above have now started
> working as intended.
Thanks a lot for the heads-up! I don't remember any recent change in the
related code, so I'm a bit surprised. Just to be sure, was dnsdist
upgraded from 1.7.x? I'm asking because I remember fixing an issue that
could be related in 1.6, but that doesn't match if you upgraded from
1.7.x, of course.
Cheers,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20230511/0ad2dfaa/attachment.sig>
More information about the dnsdist
mailing list