Hi,

On 06/04/2022 11:02, me aharen wrote:
> Can you explain the "minimum of 10 answers during that time to reduce the risk of false-positive" part? Does it mean a minimum of 10 queries within that window, should be SERVFAIL?

It means that we need to have seen at least 10 answers, SERVFAIL or not, for that client during the 60s window. The idea is that we do not want to apply the ratio to a very small sample, because then there is a much bigger risk of false positive as the sample is not representative at all.

> The dynamic rule can also use DNSAction.Pool instead of DNSAction.Truncate. How do I make use of the Pool? This way I could redirect them to a separate server.

Unless I'm mistaken I am afraid we do not support routing to a pool on a dynamic block match, because I do not see a way to pass the destination pool on a dynamic block rule. That sounds like a valid use-case, of course, so please feel free to open a feature request on GitHub and I'll try to implement that in the next version.

Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
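
The minimum-sample behaviour described in the reply above, as an added Python model that is not part of the original message and is not dnsdist's code: a per-client SERVFAIL ratio over a 60s window that is only evaluated once at least 10 answers have been seen. The 0.4 ratio, the strict greater-than comparison, the class and function names, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

NOERROR, SERVFAIL = 0, 2  # DNS RCODE values

class RcodeRatioRule:
    """Per-client sliding-window ratio check with a minimum sample size (hypothetical model)."""

    def __init__(self, ratio, window_s=60, min_answers=10, rcode=SERVFAIL):
        self.ratio, self.window_s = ratio, window_s
        self.min_answers, self.rcode = min_answers, rcode
        self.answers = defaultdict(deque)  # client -> deque of (timestamp, rcode)

    def observe(self, client, ts, rcode):
        """Record one answer sent to `client`; return True if the rule matches."""
        window = self.answers[client]
        window.append((ts, rcode))
        # Drop answers that have fallen out of the window.
        while window and window[0][0] <= ts - self.window_s:
            window.popleft()
        total = len(window)
        if total < self.min_answers:
            return False  # sample too small to be representative
        matching = sum(1 for _, rc in window if rc == self.rcode)
        return matching / total > self.ratio  # assumed comparison, not taken from dnsdist

def first_match(rule, client, events):
    """Feed (ts, rcode) events in order; return the timestamp of the first match, or None."""
    for ts, rcode in events:
        if rule.observe(client, ts, rcode):
            return ts
    return None

# Constructed samples (not real traffic).
# Only 3 answers in the window, 2 of them SERVFAIL (67%).
small_sample = [(0, SERVFAIL), (5, NOERROR), (9, SERVFAIL)]
# One answer per second, every other one SERVFAIL (50%).
large_sample = [(t, SERVFAIL if t % 2 == 0 else NOERROR) for t in range(30)]
# 12 SERVFAILs, one every 10s, so there are never 10 answers inside one 60s window.
slow_sample = [(t * 10, SERVFAIL) for t in range(12)]

if __name__ == "__main__":
    client = "192.0.2.1"  # documentation address
    for name, events in [("small", small_sample), ("large", large_sample), ("slow", slow_sample)]:
        print(name, first_match(RcodeRatioRule(ratio=0.4), client, events))
    # Without the minimum, the very first SERVFAIL (1 of 1 answers) already matches.
    print("small, min=1", first_match(RcodeRatioRule(ratio=0.4, min_answers=1), client, small_sample))
```
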