From: Dan McCombs <dmcco...@digitalocean.com>
Sent: Monday, 8 January 2024 17:28
To: Klaus Darilion <klaus.daril...@nic.at>
Cc: dnsdist@mailman.powerdns.com
Subject: Re: [dnsdist] Suggestions for rules to block abusive traffic

Hi Klaus!

 In our case we are affected as we use Pdns + DB backend as backend.

Yep, that's exactly our case as well - our legacy Pdns + mysql backends don't 
handle this very well. Longer term we intend to move away from that, but 
finding some improvements in the meantime for handling these floods would be 
helpful. I'll let you know if we come up with anything interesting!

If you use PDNS make sure to use at least version 4.5 and use
https://doc.powerdns.com/authoritative/settings.html#zone-cache-refresh-interval
and
https://doc.powerdns.com/authoritative/settings.html#setting-consistent-backends=yes
(this saves plenty of DB queries). Further, the DB server must have enough RAM
to have the database in RAM (i.e. in the Linux file buffers).

Further you might be interested in 
https://indico.dns-oarc.net/event/47/contributions/1008/ and 
https://indico.dns-oarc.net/event/47/contributions/1017/ if you plan to use 
another name server. Another very fresh option would be PDNS + lmdb backend and 
https://doc.powerdns.com/lightningstream/ for replication.

For dnsdist there are probably other guys with more know-how.

Regards
Klaus
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
