On 8/16/19 3:04 PM, Brian Sullivan wrote: > Yes my bad ... I missed that. Just a thought, next time the > documentation is updated, Section 5.1.1 Examples and Section 15.6 Rules > for traffic exceeding QPS limits could both use a note that it is UDP > only. Since it is such a simple action, I didn't even look at the > reference.
Yeah, it's on us, sorry about that. I see Frank has already opened a pull request to fix that, thanks a lot! > What do you think of this alternative, I could use the same MaxQPSIPRule > rule and tag the query and pass it along to the recursor. In a lua > script I could check the tag and add a delay. I need to read up on it .. > but I am assuming the lua processing is multithreaded? I could also add > a second MaxQPSIPRule with a higher qps value and add a DropAction to > protect the recursor. Hmm, no, you can't block in a Lua script. That wouldn't be too bad in 1.3.x for TCP connections, since a thread only handled one connection at a time, but in 1.4.0 a single thread can handle a lot of TCP connnections at once so we can't afford to block there. It's a bit more complicated in the recursor but basically you can't block there either. I'm afraid I don't really have a solution to offer if you want to delay the response over TCP, sorry :-/ We should probably fix that since I assume that people might want to delay over DoT or DoH too. Best, -- Remi Gacogne PowerDNS BV - https://www.powerdns.com/
Description: OpenPGP digital signature
_______________________________________________ dnsdist mailing list firstname.lastname@example.org https://mailman.powerdns.com/mailman/listinfo/dnsdist