[Pdns-users] PDNS Authoritative Server DDOS Protection

Hamed Haghshenas haghshenas at chavoosh.com
Wed Jul 25 04:20:46 UTC 2018

Is there any update here?
Could anyone help me with this?

Hamed Haghshenas
-----Original Message-----
From: Hamed Haghshenas [mailto:haghshenas at chavoosh.com] 
Sent: Saturday, July 21, 2018 10:38 AM
To: 'pdns-users at mailman.powerdns.com' <pdns-users at mailman.powerdns.com>
Subject: RE: [Pdns-users] PDNS Authoritative Server DDOS Protection

Hi Bert,

Thanks for your solution. I use it as below:

local dbr = dynBlockRulesGroup()
dbr:setQueryRate(3, 10, "Exceeded query rate", 60)
dbr:setRCodeRate(dnsdist.NXDOMAIN, 3, 10, "Exceeded NXD rate", 60)
dbr:setRCodeRate(dnsdist.SERVFAIL, 3, 10, "Exceeded ServFail rate", 60)
dbr:setQTypeRate(dnsdist.ANY, 3, 10, "Exceeded ANY rate", 60)
dbr:setResponseByteRate(5000, 10, "Exceeded resp BW rate", 60)

function maintenance()
  -- dnsdist calls maintenance() every second; apply() evaluates the rules above
  dbr:apply()
end

For attacks built with Mausezahn using a small source address subnet, it worked fine and blocked every /32 subnet that reached the query rate. But when using a big source subnet like /20, it can't manage the queries and the CPU rate increases.

Could you please let me know whether there is any way to force the dynamic block function to check the /24 subnet instead of /32 and, for every /24 source subnet, block the /24 subnet if the query rate is exceeded?
For example, if the query rate exceeds 10 for 10s then block

Hamed Haghshenas
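
The difference between per-/32 and per-/24 accounting asked about above, as an added example that is not part of the original thread and is not dnsdist code. It is a simplified model that blocks a source prefix once its query count in the last `seconds` exceeds `rate * seconds`; the function names and the traffic sample are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque


def blocked_prefixes(queries, prefix_len, rate, seconds):
    """Return {network: time_of_block} for source prefixes that exceed the limit.

    queries: (timestamp, source_ip) pairs sorted by timestamp.
    A prefix is blocked when it sent more than rate * seconds queries
    within the last `seconds` (simplified model, an assumption of this example).
    """
    limit = rate * seconds
    recent = defaultdict(deque)  # network -> timestamps still inside the window
    blocked = {}
    for ts, src in queries:
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        if net in blocked:
            continue  # already blocked, nothing left to count
        window = recent[net]
        window.append(ts)
        while window[0] <= ts - seconds:
            window.popleft()  # drop timestamps that left the window
        if len(window) > limit:
            blocked[net] = ts
            del recent[net]
    return blocked


def constructed_sample():
    """Constructed traffic: 40 sources in 198.51.100.0/24 send 1 query/s each
    for 5 s (200 queries, only 5 per source), plus one ordinary client."""
    queries = []
    for second in range(5):
        for host in range(1, 41):
            queries.append((second + host / 100.0, f"198.51.100.{host}"))
        if second % 2 == 0:
            queries.append((second + 0.5, "192.0.2.10"))
    return sorted(queries)


if __name__ == "__main__":
    sample = constructed_sample()
    for plen in (32, 24):
        hits = blocked_prefixes(sample, plen, rate=3, seconds=10)
        print(f"per /{plen}: {len(hits)} blocked", sorted(map(str, hits)))
```

With the thresholds from the configuration above (3 queries per second over 10 seconds), no single address in the sample reaches the limit, while the /24 as a whole crosses it within the first second.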

-----Original Message-----
From: Pdns-users [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of bert hubert
Sent: Tuesday, July 17, 2018 3:49 PM
To: pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote:
> Could you please let me know how handle these large DDOS attacks?

Hi Hamed,

Please take a look at https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup

This is specifically meant for the case of many different IP addresses attacking you.

Good luck!
