[Pdns-users] Mitigating / stopping recent Denial of Service Attacks

bert hubert bert.hubert at netherlabs.nl
Wed Jun 4 18:38:22 UTC 2014


On Sat, May 31, 2014 at 02:23:38PM -0500, okTurtles wrote:

> I'd prefer for PDNS recursor to do the detecting and mitigating itself,
> but I want a solution ASAP and don't want to wait, so if it doesn't

You want a lot!

Here's what I wrote elsewhere to you, but I'm repeating it here so our
stance is known:

"Feel free to implement it in Lua. The PowerDNS policy is not to implement
attack-specific anti-DoS logic in the core of the software, since attackers
can cycle faster than folks can deploy our software. This means that 'attack
detection based techniques' need to live in Lua.

What you describe could well be done from Lua - store recent queries via
preresolve, but pdns.PASS them, except if you've detected enumeration.

Good luck again.

        Bert"
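
The approach described in the message above (record recent queries in preresolve, pass them unless enumeration is detected), as an added example that is not part of the original message and not PowerDNS project code. It assumes the Recursor 3.x hook signature preresolve(remoteip, domain, qtype) and that pdns.DROP is available as the action for flagged queries (the message only names pdns.PASS); the thresholds, the two-label parent heuristic and the helper names are hypothetical.

```lua
-- Added example: flag a parent zone when too many distinct names under it
-- are queried within one time window, and pass everything else.
local WINDOW        = 10  -- seconds per counting window (assumed value)
local MAX_UNIQUE    = 50  -- distinct names per parent per window (assumed value)
local PARENT_LABELS = 2   -- last two labels form the "parent" (assumed heuristic;
                          -- too coarse for co.uk-style suffixes)

local windowStart = os.time()
local seen = {}           -- parent -> { names = { [qname] = true }, count = n }

-- Return the parent zone of qname, or nil if qname is the parent itself.
-- The pattern skips empty labels, so a trailing dot is harmless.
local function parentOf(qname)
  local labels = {}
  for label in string.gmatch(string.lower(qname), "[^.]+") do
    labels[#labels + 1] = label
  end
  local n = #labels
  if n <= PARENT_LABELS then return nil end
  return table.concat(labels, ".", n - PARENT_LABELS + 1, n)
end

-- Record qname and report whether its parent has exceeded MAX_UNIQUE.
local function isEnumeration(qname, now)
  if now - windowStart >= WINDOW then
    seen = {}             -- new window: forget all counts, which also frees memory
    windowStart = now
  end
  local parent = parentOf(qname)
  if not parent then return false end
  local entry = seen[parent]
  if not entry then
    entry = { names = {}, count = 0 }
    seen[parent] = entry
  end
  -- Once flagged, stop storing names so one parent cannot grow without bound.
  if entry.count > MAX_UNIQUE then return true end
  local key = string.lower(qname)
  if not entry.names[key] then
    entry.names[key] = true
    entry.count = entry.count + 1
  end
  return entry.count > MAX_UNIQUE
end

-- Hook called by the Recursor before resolving (the pdns table exists only there).
function preresolve(remoteip, domain, qtype)
  if isEnumeration(domain, os.time()) then
    return pdns.DROP, {}  -- assumed action for flagged parents
  end
  return pdns.PASS, {}    -- normal resolution for everything else
end
```

A zone that legitimately serves many distinct hostnames will also cross a fixed threshold, so the limit needs tuning against normal traffic or an allowlist of known-busy parents.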
