[Pdns-users] Flood Throttle
rbc310 at gmail.com
Wed Sep 7 04:36:46 UTC 2011
Following the advice from the IRC channel, I am looking for throttling
support in PDNS. As I understand it, the recursor currently has the
ability to suppress repetitive queries from being forwarded to an
authoritative name server. However, there is no mechanism to discourage
those requests from the client in the first place.
Essentially, instead of answering a bogus query forever, at a certain
point, it would make sense to return an alternate response. After 50
requests for an NXDOMAIN, the recursor could not only stop forwarding
queries, but reply with SERVFAIL or similar, updating its cache accordingly.
Just as with setting a throttling threshold on forwarding, x requests within
y seconds would constitute a flood and instruct the recursor to protect
itself by altering its response to identical requests.
And pushing this to a network appliance (firewall) won't work. It needs to
be unattended and realtime.
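The mechanism the post sketches ("x requests within y seconds constitute a flood, after which the recursor stops forwarding and answers the identical query locally") can be modelled as a per-client, per-name sliding-window counter. The following is an added illustration written for this thread, not code from PowerDNS or from the poster: the threshold, window, key shape and the cap on tracked keys are all assumptions chosen for the example. It decides, for each incoming query, whether the recursor should still forward it upstream or answer SERVFAIL itself, and it bounds its own memory so the throttle table cannot itself be blown up by a flood of distinct names.

```python
"""Sliding-window flood throttle for a DNS recursor (illustrative model)."""
import time
from collections import OrderedDict, deque

FORWARD = "FORWARD"    # query may go to the authoritative server as usual
SERVFAIL = "SERVFAIL"  # answered locally; upstream is not bothered


class FloodThrottle:
    """Track identical queries per client in a sliding time window.

    Once more than `threshold` copies of the same (client, qname, qtype)
    arrive within `window` seconds, the recursor answers SERVFAIL locally
    instead of forwarding. Entries age out naturally as the window slides.
    `max_keys` (assumed value) caps the table so a flood of *distinct*
    names cannot exhaust memory; the least recently seen key is evicted.
    """

    def __init__(self, threshold=50, window=60.0, max_keys=100_000):
        self.threshold = threshold
        self.window = float(window)
        self.max_keys = max_keys
        # key -> deque of arrival timestamps, most recently touched last
        self._hits = OrderedDict()

    @staticmethod
    def _key(client, qname, qtype):
        # Normalise the name so case variants and a trailing dot collapse
        return (client, qname.lower().rstrip("."), qtype.upper())

    def decide(self, client, qname, qtype="A", now=None):
        """Record one query and return FORWARD or SERVFAIL."""
        now = time.monotonic() if now is None else now
        key = self._key(client, qname, qtype)
        stamps = self._hits.pop(key, None)
        if stamps is None:
            stamps = deque()
            if len(self._hits) >= self.max_keys:
                self._hits.popitem(last=False)  # evict least recently used
        self._hits[key] = stamps               # re-insert as most recent

        stamps.append(now)
        cutoff = now - self.window
        while stamps and stamps[0] < cutoff:   # drop hits outside the window
            stamps.popleft()

        return SERVFAIL if len(stamps) > self.threshold else FORWARD

    def tracked(self):
        """Number of (client, qname, qtype) keys currently held."""
        return len(self._hits)


def replay(events, threshold=50, window=60.0):
    """Run a list of (timestamp, client, qname) query events through the
    throttle and return how many were forwarded vs. answered locally."""
    t = FloodThrottle(threshold=threshold, window=window)
    counts = {FORWARD: 0, SERVFAIL: 0}
    for ts, client, qname in events:
        counts[t.decide(client, qname, "A", now=ts)] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample traffic: one client hammering a bogus name once per
    # second for two minutes, while another client asks for it just twice.
    events = [(float(s), "192.0.2.10", "bogus.example") for s in range(120)]
    events += [(5.0, "192.0.2.20", "bogus.example"),
               (6.0, "192.0.2.20", "bogus.example")]
    print(replay(events, threshold=50, window=60.0))
```

The decision is keyed by client as well as by name so that one abusive resolver does not cause an innocent client asking for the same name to receive SERVFAIL; whether a deployment would rather key on name alone (protecting the upstream) is a policy choice the poster leaves open.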