[Pdns-users] Flood Throttle
Peter van Dijk
peter.van.dijk at netherlabs.nl
Wed Sep 7 09:16:35 UTC 2011
On Sep 7, 2011, at 6:36 AM, Andrew Melton wrote:
> Following the advice from the IRC channel, I am looking for throttling support in PDNS. As I understand it, the rescursor currently has the ability to suppress repetitive queries from being forwarded to an authoritative name server. However, there is no mechanism to discourage those requests from the client in the first place.
Correct, no such mechanism is in place right now.
> Essentially, instead of answering the a bogus query forever, at a certain point, it would make sense to return an alternate response. After 50 requests for an NXDOMAIN, the recursor could not only stop forwarding queries, but reply with SRVFAIL or similar, updating its cache accordingly.
Updating the recursor cache from NXDOMAIN to SERVFAIL, based on client request rate, sounds like a bad idea - but perhaps I am misreading you here.
> Just as with setting a throttling threshold on forwarding, x requests within y seconds would constitute a flood and instruct the recursor to protect itself by altering its response to identical requests.
The big question is: protect itself against what? Usually, because of the packetcache, these repeated queries do not actually hurt the recursor.
In short: what problem are you trying to solve? Do you have a setup that is actively suffering from repeated queries? More information would help us understand your concerns.
Peter van Dijk
More information about the Pdns-users