[Pdns-users] multi dns server

Steffan Noord steffannoord at gmail.com
Mon Oct 23 08:05:42 UTC 2023


Thanks.

I will read in on dnsdist this week.
In the past I have tried it but did something wrong in the config. I had
pdns and dnsdist on one server. I think it would be better to use a
separate VPS for it.

Kind regards,

Steffan Noord

On Mon 23 Oct 2023 10:00, Andreas Danzer via Pdns-users <
pdns-users at mailman.powerdns.com> wrote:

> Hello Steffan,
>
> that kind of attack is quite common these days. I would recommend
> putting your authoritative nameservers behind dnsdist. dnsdist acts as a
> DNS firewall, proxy and loadbalancer.
>
> We're running some rulesets on dnsdist that, e.g., dynamically block IPs
> that "produce" unusually high numbers of NXDOMAIN answers with their
> queries (which is usually the case with IPs taking part in PRSD
> attacks). You can also limit the number of queries per IP or loadbalance
> queries to more than one backend DNS node. dnsdist is extremely powerful
> and versatile and the perfect tool to protect your DNS nodes.
>
> To be able to see which domains are actually attacked, you should not
> use pdns query logging - it has a big performance impact which makes the
> situation even worse during an attack. Better use some traffic
> capturing/sampling tools like pktvisor. It feeds data about the DNS
> queries to Prometheus, which can be visualized with Grafana. You can use
> that same setup (Prometheus & Grafana) to monitor your dnsdist and pdns
> installations.
>
> On 20.10.2023 at 15:52, Steffan via Pdns-users wrote:
> > Well the problem was a small attack targeting a lot of subdomains of a client.
> >
> > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 117.54.16.252 wants 'payments.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a02:2f0e:5fff:ffff::2 wants 'skyline.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a04:c602:409:fe::27 wants 'app3.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
> >
> > It comes from many different IPs and only 3 minutes 150mb/s
> >
> > I forgot at that time that I had logging on. So it could be that without
> > the logging the DNS would be fast enough to handle it
> >
> > Average bandwidth load is about 160k/s so no big deal.
> >
> >
> > Kind regards,
> >
> > Steffan Noord
> >
> > -----Original Message-----
> > From: Victor Hugo dos Santos <listas.vhs at gmail.com>
> > Sent: Friday 20 October 2023 15:45
> > To: All about using and deploying powerdns <
> > pdns-users at mailman.powerdns.com>
> > CC: steffannoord at gmail.com
> > Subject: Re: [Pdns-users] multi dns server
> >
> > Hello there,
> >
> > The quantity of domains does not necessarily reflect the quantity of
> > queries/load.
> > You can have 5.000 domains with 1.000 QPS or you can have 1 domain with
> > 15.000 QPS !! :-)
> >
> > Anyway, you should monitor your servers and see if this issue is some
> > kind of "normal" stuff or some kind of problem (attack, data leak,
> > misconfiguration, etc). When you detect the problem, then you can decide
> > what to do.
> >
> > About NS3, NS4, it is a totally valid option, not only to balance the
> > queries between servers, but to improve your HA too !!! Nevertheless, you
> > still need to detect where the problem is; if not, you are only going to
> > spend time with the new NS server but the problem will still occur.
> >
> > Let us know what you find.
> >
> > Good luck
> >
> > On Fri, 20 Oct 2023 at 12:01, Steffan via Pdns-users <
> > pdns-users at mailman.powerdns.com> wrote:
> >>
> >> Hello,
> >>
> >> 2 days ago my 2 DNS servers had 150mbit of data to process and the DNS
> >> went down.
> >> After the flood was stopped it came up again.
> >>
> >> I'm using pdns 4.8.3 on CentOS with MySQL backends
> >>
> >> I'm just wondering what would be the best idea to spread the risk
> >>
> >> It is handling about 5000 domains so not a very big system.
> >>
> >> Is it better to use a ns3, ns4 to spread the load on multiple servers, or
> >> some kind of load balancing or multi-IP setup on ns1 and ns2 on multiple
> >> servers?
> >>
> >> Any other ideas are welcome
> >>
> >> With regards
> >>
> >> Steffan
> >>
> >> _______________________________________________
> >> Pdns-users mailing list
> >> Pdns-users at mailman.powerdns.com
> >> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> >
> > --
> > Victor Hugo dos Santos
> > http://www.vhsantos.net
> > Linux Counter #224399
> >
>
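The dnsdist setup Andreas describes (authoritative backends behind dnsdist, dynamic blocks on sources that trigger many NXDOMAIN answers, a per-IP query limit, load balancing over more than one pdns node, and a metrics endpoint for Prometheus) fits in a short `dnsdist.conf`. The configuration below is an added example written for this thread; it is not Andreas's ruleset and not from the PowerDNS project. All addresses are placeholders, the rate thresholds are assumptions to be tuned against your own baseline (the "160k/s normal, 150mb/s during the attack" numbers above are a starting point for that), and the function names are those of dnsdist 1.7 and later.

```lua
-- dnsdist.conf: authoritative front end for two PowerDNS Authoritative backends.
-- Added example, not from the thread; every IP, threshold and password is a placeholder.

-- Listen on the public address the NS records point at (placeholder).
-- Run this on its own host/VPS so a flood hits dnsdist, not the pdns/MySQL box.
setLocal("192.0.2.10:53")

-- dnsdist's default ACL only admits RFC1918 sources. An authoritative front end
-- must accept queries from the whole Internet, otherwise it answers nobody.
setACL({"0.0.0.0/0", "::/0"})

-- Backends: the pdns nodes (placeholder addresses). Health checks take a dead
-- backend out of rotation; leastOutstanding sends each query to the least-busy one.
newServer({address="10.0.0.11:53", name="pdns-auth-1"})
newServer({address="10.0.0.12:53", name="pdns-auth-2"})
setServerPolicy(leastOutstanding)

-- Dynamic blocks, evaluated once per second by the maintenance hook.
-- A source whose answers are mostly NXDOMAIN (the PRSD pattern: random
-- subdomains of a real zone) is dropped for blockDuration seconds.
local dbr = dynBlockRulesGroup()
-- more than 20 NXDOMAIN answers/s, averaged over 10 s -> block for 60 s (assumed threshold)
dbr:setRCodeRate(DNSRCode.NXDOMAIN, 20, 10, "Exceeded NXDOMAIN rate", 60)
-- more than 200 queries/s over 10 s from one source -> block for 60 s (assumed threshold)
dbr:setQueryRate(200, 10, "Exceeded query rate", 60)
-- never block your own secondaries or monitoring hosts (placeholder range)
dbr:excludeRange({"192.0.2.0/24"})
addMaintenance(function() dbr:apply() end)

-- Static per-IP limit for UDP: an over-rate source gets a truncated answer
-- (TC bit) and must retry over TCP. Real resolvers do; spoofed sources cannot.
-- 100 qps per IP is an assumption; set it above your busiest legitimate resolver.
addAction(AndRule({TCPRule(false), MaxQPSIPRule(100)}), TCAction())

-- Built-in webserver: Prometheus scrapes http://127.0.0.1:8083/metrics.
-- Keep it bound to localhost (or an internal address) and behind the ACL below.
webserver("127.0.0.1:8083")
setWebserverConfig({password="CHANGE-ME", apiKey="CHANGE-ME", acl="127.0.0.1/32"})
```

Two checks before relying on this: `dnsdist --check-config` validates the syntax, and `showDynBlocks()` in the dnsdist console shows which sources the NXDOMAIN and query-rate rules are currently blocking, which is the cheapest way to see whether the thresholds are catching the attack traffic without blocking a legitimate resolver. Dynamic blocks are also a reason to keep pdns query logging off, as Andreas notes: dnsdist's counters and the Prometheus metrics already tell you who is querying what rate, at a fraction of the cost.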