Hello Andrew,

On Sep 7, 2011, at 6:36 AM, Andrew Melton wrote:

> Following the advice from the IRC channel, I am looking for throttling
> support in PDNS. As I understand it, the recursor currently has the ability
> to suppress repetitive queries from being forwarded to an authoritative name
> server. However, there is no mechanism to discourage those requests from the
> client in the first place.

Correct, no such mechanism is in place right now.

> Essentially, instead of answering a bogus query forever, at a certain
> point, it would make sense to return an alternate response. After 50
> requests for an NXDOMAIN, the recursor could not only stop forwarding
> queries, but reply with SERVFAIL or similar, updating its cache accordingly.

Updating the recursor cache from NXDOMAIN to SERVFAIL, based on client request rate, sounds like a bad idea - but perhaps I am misreading you here.

> Just as with setting a throttling threshold on forwarding, x requests within
> y seconds would constitute a flood and instruct the recursor to protect
> itself by altering its response to identical requests.

The big question is: protect itself against what? Usually, because of the packetcache, these repeated queries do not actually hurt the recursor.

In short: what problem are you trying to solve? Do you have a setup that is actively suffering from repeated queries? More information would help us understand your concerns.

Kind regards,
Peter van Dijk
