[Pdns-users] Rate-Limit for NXDOMAIN
Brian Candler
b.candler at pobox.com
Tue Apr 30 14:23:05 UTC 2019

On 30/04/2019 14:57, Filipe Cifali wrote:
> Other than that you can put a DNS cache in front of the authoritative
> to hold off those aggressive queries and give it a nice slab of RAM.

pdns has its own packetcache layer which works very well, but if every
query is a different <randomstring>.<yourdomain> then any cache would be
forced to pass the query through.

There might be some ways to deal with this. e.g. if <randomstring> is
always more than a certain number of characters, dnsdist could filter
them out (whilst explicitly whitelisting any other valid names which
happen to be the same length).

The trouble is, you do still want to return NXDOMAIN normally to regular
typos.
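
The length filter suggested in the message above could look like this in a dnsdist configuration. This is an added example, not part of the original message and not the PowerDNS project's own code; the zone `example.com.`, the 16-character threshold, the allowlisted name and the backend address are assumptions chosen for illustration.

```lua
-- Added example: dnsdist configuration (Lua).
-- All names, addresses and thresholds below are assumptions.

newServer({address="127.0.0.1:5300"})   -- assumed authoritative backend

-- Assumed: the random labels are always longer than this many characters.
local maxFirstLabel = 16

-- Valid names that happen to be as long as the random ones and must
-- still be answered (constructed sample entry).
local allow = newSuffixMatchNode()
allow:add(newDNSName("autodiscover-internal.example.com."))

local function filterLongLabels(dq)
  -- Explicitly allowlisted names always go through to the backend.
  if allow:check(dq.qname) then
    return DNSAction.None
  end

  -- Leftmost label in presentation form. Escaped characters (\. or \DDD)
  -- count as written, so unusual labels measure slightly longer.
  local first = dq.qname:toString():match("^([^.]*)")
  if first and #first > maxFirstLabel then
    return DNSAction.Drop
  end

  -- Short names, regular typos included, reach the authoritative server
  -- and receive its normal NXDOMAIN.
  return DNSAction.None
end

-- Only queries inside the zone under attack are inspected;
-- "example.com." stands in for <yourdomain>.
addAction("example.com.", LuaAction(filterLongLabels))
```

Any legitimate name with a long leftmost label that is missing from the allowlist is dropped as well, so the allowlist should be built from the zone contents before the rule is enabled.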