Hello Peter and Klaus, Sent: 13 September, 2012 12:11 by Peter van Dijk: > > On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: > > > Interesting. > > > > Is the hook executed before or after the caches? > > The hook is executed after the caches, currently. I do not feel the current > hook implementation is suitable for RRL production; I do think it's a great > playground for writing rate limiting scripts. The exact placement of hooks > would be based on suggestions and requests from those writing the scripts.
If you want to do rate limiting against being used in a DDOS you really want to have it before any cache. The current location is good if you want to protect your backend from getting to many requests it can't handle. > > I am confused about the results in > http://mailman.powerdns.com/pipermail/pdns-dev/2012-June/001179.html It > seems that powerdns is slower without the LUA rate limiting script. What do I > miss here? > > Not sure - perhaps Mark can clarify. If the LUA rate limiting script is used the backend (MySQL in this test) doesn't get the requests and doesn't have to answer them. Only the first 500 in result set #2 are answered, the other requests are dropped and never go to the backend. This is causing the performance drop as far as I can see. > > Is there also a reliable filtering logic available as LUA script (e.g. similar to > the DNS RRL logic)? > > > I'm not aware of any scripts outside of that thread. Kind regards, Mark Scholten _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
