[dnsdist] Question about implementing dynBlockRulesGroup
CamZie
camzie at protonmail.com
Mon Oct 30 10:08:24 UTC 2023
Hello,
We would like to use DNSdist to block traffics that exceeds a QPS limit and we have configured the following as test:
local dbr = dynBlockRulesGroup()
dbr:setQueryRate(5, 1, "Exceeded query rate", 60)
dbr:setQTypeRate(DNSQType.ANY, 2, 1, "Exceeded ANY rate", 60)
function maintenance()
dbr:apply()
end
However, when we do 10 queries with the following command, all 10 requests still goes through successfully:
for a in {0..10}; do dig -t a <DOMAIN> @<DNSdist_IP> +short; done
From the console, we can see that the client has been detected and is listed in the blocklist but still the 10 queries has gone through even though we have limited it to 5.
> showDynBlocks()
What Seconds Blocks Warning Action Reason<DNSdist_IP>/32 56 0 false Drop Exceeded query rate
Is there a way we can immediately drop the connection after reaching max 5 queries per second as defined in the config? This is the same case with the ANY requests restriction.
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20231030/58408b9d/attachment.htm>
More information about the dnsdist
mailing list