On 8/16/19 3:04 PM, Brian Sullivan wrote:
> Yes my bad ... I missed that.  Just a thought, next time the
> documentation is updated, Section 5.1.1 Examples and Section 15.6 Rules
> for traffic exceeding QPS limits could both use a note that it is UDP
> only. Since it is such a simple action, I didn't even look at the
> reference. 

Yeah, it's on us, sorry about that.
I see Frank has already opened a pull request to fix that, thanks a lot!

> What do you think of this alternative, I could use the same MaxQPSIPRule
> rule and tag the query and pass it along to the recursor. In a lua
> script I could check the tag and add a delay. I need to read up on it ..
> but I am assuming the lua processing is multithreaded? I could also add
> a second MaxQPSIPRule with a higher qps value and add a DropAction to
> protect the recursor. 

Hmm, no, you can't block in a Lua script. That wouldn't be too bad in
1.3.x for TCP connections, since a thread only handled one connection at
a time, but in 1.4.0 a single thread can handle a lot of TCP
connnections at once so we can't afford to block there.
It's a bit more complicated in the recursor but basically you can't
block there either.

I'm afraid I don't really have a solution to offer if you want to delay
the response over TCP, sorry :-/ We should probably fix that since I
assume that people might want to delay over DoT or DoH too.

Best,
-- 
Remi Gacogne
PowerDNS BV - https://www.powerdns.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Reply via email to