[Pdns-users] Rate-Limit for NXDOMAIN
Nico CARTRON
nicolas at ncartron.org
Fri Apr 26 13:05:23 UTC 2019
Hi Markus,
On 26-Apr-2019 14:55 CEST, <Markus.Ehrlicher at komsa.de> wrote:
> Hello together,
>
> since recently we use two powerDNS Authoritative Servers (v.4.1.8) for
> managing our own domains. Is it possible, to rate-limit dns lookups for
> non-existing Domains?
> Background: from time to time (several times a day), we get hundreds (or
> thousands) of requests to random, non-existing, subdomains for one domain, we
> are authoritative for. The root domain is the same in all requests. I don't
> understand the aim of this attacks, but want to limit it in some possible
> ways.
This looks like a mission for dnsdist (http://www.dnsdist.org)
Especially this section: https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup
Cheers,
--
Nico
More information about the Pdns-users
mailing list