[dnsdist] Question about implementing dynBlockRulesGroup

CamZie camzie at protonmail.com
Mon Oct 30 10:08:24 UTC 2023


We would like to use DNSdist to block traffics that exceeds a QPS limit and we have configured the following as test:

local dbr = dynBlockRulesGroup()

dbr:setQueryRate(5, 1, "Exceeded query rate", 60)
dbr:setQTypeRate(DNSQType.ANY, 2, 1, "Exceeded ANY rate", 60)

function maintenance()
However, when we do 10 queries with the following command, all 10 requests still goes through successfully:

for a in {0..10}; do dig -t a <DOMAIN> @<DNSdist_IP> +short; done

From the console, we can see that the client has been detected and is listed in the blocklist but still the 10 queries has gone through even though we have limited it to 5.

> showDynBlocks()
What Seconds Blocks Warning Action Reason<DNSdist_IP>/32 56 0 false Drop Exceeded query rate

Is there a way we can immediately drop the connection after reaching max 5 queries per second as defined in the config? This is the same case with the ANY requests restriction.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20231030/58408b9d/attachment.htm>

More information about the dnsdist mailing list