[Pdns-users] PDNS Authoritative Server DDOS Protection
haghshenas at chavoosh.com
Sat Jul 21 06:08:07 UTC 2018
Thanks for your solution, I use it same as below:
local dbr = dynBlockRulesGroup()
-- More than 3 queries/s from one client, averaged over 10 s: block it for 60 s
dbr:setQueryRate(3, 10, "Exceeded query rate", 60)
dbr:setRCodeRate(dnsdist.NXDOMAIN, 3, 10, "Exceeded NXD rate", 60)
dbr:setRCodeRate(dnsdist.SERVFAIL, 3, 10, "Exceeded ServFail rate", 60)
dbr:setQTypeRate(dnsdist.ANY, 3, 10, "Exceeded ANY rate", 60)
dbr:setResponseByteRate(5000, 10, "Exceeded resp BW rate", 60)
-- The rules only take effect when apply() is called from dnsdist's periodic maintenance() hook
function maintenance()
  dbr:apply()
end
For attacks built by Mausezahn with a small source address subnet, it worked fine and blocked every /32 that reached the query rate. But when using a big source subnet like /20, it can't manage the queries and the CPU rate increases.
Could you please let me know if there is any way to force the dynamic block function to check /24 subnets instead of /32 and, for every /24 source subnet, block the /24 subnet if the query rate is exceeded?
For example, for 10.10.10.0/24: if the query rate exceeds 10 for 10s, then block 10.10.10.0/24.
From: Pdns-users [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of bert hubert
Sent: Tuesday, July 17, 2018 3:49 PM
To: pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection
On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote:
> Could you please let me know how handle these large DDOS attacks?
Please take a look at https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup
This is specifically meant for the case of many different IP addresses attacking you.
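The /24 aggregation the question asks for, as a stand-alone Python model added here (not dnsdist code and not from the thread): queries are counted per client /24 in a sliding window, and the whole prefix is blocked once the count passes the threshold. The query records and the threshold semantics (more than `rate` queries within `seconds`) are constructed assumptions for the demo, not dnsdist's exact rate definition.

```python
import ipaddress
from collections import deque, defaultdict

# Constructed sample of (timestamp_seconds, client_ip) query records.
# Two clients in 10.10.10.0/24 each send 6 queries within 10 s: each /32 stays
# below a 10-queries/10 s threshold, but the /24 as a whole exceeds it.
SAMPLE_QUERIES = (
    [(100.0 + i, "10.10.10.5") for i in range(6)]
    + [(100.5 + i, "10.10.10.77") for i in range(6)]
    + [(100.0 + i * 3, "192.0.2.9") for i in range(4)]  # unrelated /24, low rate
)


class PrefixRateBlocker:
    """Sliding-window query counter keyed by client prefix (/24 by default):
    more than `rate` queries within `seconds` blocks the whole prefix."""

    def __init__(self, prefix_len=24, rate=10, seconds=10, block_duration=60):
        self.prefix_len = prefix_len
        self.rate = rate
        self.seconds = seconds
        self.block_duration = block_duration
        self.windows = defaultdict(deque)  # prefix -> timestamps of recent queries
        self.blocks = {}                   # prefix -> block expiry timestamp

    def prefix_of(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)

    def is_blocked(self, ip, now):
        expiry = self.blocks.get(self.prefix_of(ip))
        return expiry is not None and now < expiry

    def observe(self, now, ip):
        """Record one query; return the prefix that just got blocked, or None."""
        prefix = self.prefix_of(ip)
        if self.is_blocked(ip, now):
            return None  # already blocked, nothing more to count
        window = self.windows[prefix]
        window.append(now)
        while window and window[0] < now - self.seconds:
            window.popleft()  # drop timestamps that fell out of the window
        if len(window) > self.rate:
            self.blocks[prefix] = now + self.block_duration
            window.clear()
            return prefix
        return None


def run(queries, **kwargs):
    """Feed records in time order; return the blocker and the prefixes it blocked."""
    blocker = PrefixRateBlocker(**kwargs)
    blocked = [str(p) for t, ip in sorted(queries) if (p := blocker.observe(t, ip))]
    return blocker, blocked
```

Running the same records with `prefix_len=32` blocks nothing, which is the gap the question describes; newer dnsdist releases (1.6.0 and later) expose `DynBlockRulesGroup:setMasks(v4, v6, port)` to apply dynamic blocks at a prefix granularity directly.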