Hello,

On 25 Jun 2014, at 18:26 , Aki Tuomi <cmo...@youzen.ext.b2.fi> wrote:

> On Wed, Jun 25, 2014 at 11:33:44AM -0400, Edwin wrote:
>> I was wondering if it is possible to throttle/rate-limit DNS
>> requests that are incoming to a PowerDNS recursing server, without
>> having to rely on iptables. A little context: we are getting
>> thousands of requests per second to our resolvers from some (a
>> handful) IP addresses, and we wish to proactively throttle requests
>> when the query rate exceeds a certain threshold, in order to avoid
>> the abuse of our servers.
> 
> The 3.6.0 version combined with a particular Lua script will achieve this. See
> http://mailman.powerdns.com/pipermail/pdns-dev/2014-June/001452.html
> 
> And 
> https://github.com/Habbie/pdns/blob/luapolicy/pdns/policy-example-rrl.lua

That script is for the upcoming auth release. The Lua interface in the Recursor 
has different hooks (but porting scripts is doable). That specific script will 
do no good for your Recursor issues, however.

This may interest you: 
http://blog.powerdns.com/2014/04/03/further-dos-guidance-packages-and-patches-available/

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users