[Pdns-dev] [dns-operations] dns response rate limiting (DNS RRL) patch available for testing
Marc Haber
mh+pdns-dev at zugschlus.de
Sat Jun 16 14:28:14 CEST 2012
On Thu, Jun 14, 2012 at 10:55:45AM +0200, Peter van Dijk wrote:
> On Jun 14, 2012, at 10:28 , Ask Bjørn Hansen wrote:
> > This would be a nice feature to have in PowerDNS, too.
>
> I have a PowerDNS branch that allows a Lua hook to be called before processing of any query: https://github.com/Habbie/powerdns/compare/master...lua-prequery
>
> I'm thinking building the filtering in Lua (performance permitting) would be an interesting exercise in configurability.
>
> Thoughts?
Please don't do this in a way that harms performance. I know of at
least one site that gets tens of thousands of queries per second on
authoritative servers, about 90 % of them abusive at times, and that
would love to have a per-IP rate limit implemented inside PowerDNS so
that one could get rid of the iptables-based rate limit that is in
place at the moment.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062