[dnsdist] DOS configurations

Eric Merkel ejmerkel at sozotechnologies.com
Tue Nov 28 16:15:38 UTC 2023


Hello all,

I am a dnsdist noob here seeking some advice. I have set up and am testing
dnsdist in the following configuration.

4 geographically diverse dnsdist servers load balancing 4 authoritative
backend servers for around 30,000 domains/zones.

I understand how to set up an Abuse pool to handle clients that reach a
certain number of QPS. What I am looking for are some other example
configurations or best practices to help deal with DOS attacks that other
users have experienced in the past.

My goal is to put some basic safeguards in place before we experience an
attack rather than scrambling to figure out something quickly while an
attack is occurring.

Any advice or sample configurations etc would be much appreciated!

Best regards,
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20231128/e08760e6/attachment.htm>


More information about the dnsdist mailing list