[Pdns-users] Throttling DNS requests in PowerDNS recursor
Peter van Dijk
peter.van.dijk at netherlabs.nl
Mon Jun 30 06:31:03 UTC 2014
Hello,
On 25 Jun 2014, at 18:26 , Aki Tuomi <cmouse at youzen.ext.b2.fi> wrote:
> On Wed, Jun 25, 2014 at 11:33:44AM -0400, Edwin wrote:
>> I was wondering if it is possible to throttle/rate-limit DNS
>> requests that are incoming to a PowerDNS recursing server, without
>> having to rely on IPtables. A little of context, we are getting
>> thousands of requests per second to our resolvers from some (a
>> handful) IP addresses, and we wish to proactively throttle requests
>> when the query rate exceeds a certain threshold, in order to avoid
>> the abuse of our servers.
>
> The 3.6.0 version combined with a particular LUA script will achieve this. See
> http://mailman.powerdns.com/pipermail/pdns-dev/2014-June/001452.html
>
> And
> https://github.com/Habbie/pdns/blob/luapolicy/pdns/policy-example-rrl.lua
That script is for the upcoming auth release. The Lua interface in the Recursor has different hooks (but porting scripts is doable). That specific script will do no good for your Recursor issues, however.
This may interest you: http://blog.powerdns.com/2014/04/03/further-dos-guidance-packages-and-patches-available/
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140630/f5f40da7/attachment-0001.sig>
More information about the Pdns-users
mailing list