[dnsdist] EDNSOptionRule not triggering?

2019-07-31 Thread Brian Sullivan
Hi, I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are using a local/experimental optcode. For example, I have the following in the dnsdist.conf file. addAction(EDNSOptionRule(65002), DropAction()) and I see the rule in the webserver.

Re: [dnsdist] EDNSOptionRule not triggering?

2019-07-31 Thread Brian Sullivan
ing I may not get to this before Friday my time. Thanks, brian On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne wrote: > Hi Brian, > > On 7/31/19 6:57 PM, Brian Sullivan wrote: > > I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are > > using a local/experiment

[dnsdist] Feature Request?

2019-08-13 Thread Brian Sullivan
Hi, I'd like to know where I should submit a feature request and what that process might be? Thanks, brian -- Brian M. Sullivan Senior Staff Security Intelligence Engineer bsulli...@lookout.com | www.lookout.com ___ dnsdist mailing list dnsdist@ma

[dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-13 Thread Brian Sullivan
Hi, I am running dnsdist 1.4.0-rc1 and I am seeing something odd. As a test I have the following rule configured. addAction(MaxQPSIPRule(2, 32, 48), DelayAction(500)) and I run 100 queries at 10 per second and my statistics from my client are as follows: Statistics for data/input/input1: min =

Re: [dnsdist] Feature Request?

2019-08-14 Thread Brian Sullivan
20 AM Remi Gacogne wrote: > Hi Brian, > > On 8/13/19 4:49 PM, Brian Sullivan wrote: > > I'd like to know where I should submit a feature request and what that > > process might be? > > The usual process is to open a new feature request on our Github > repository [1]

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-16 Thread Brian Sullivan
PRule with a higher qps value and add a DropAction to protect the recursor. Thanks for your quick response, Regards, brian On Fri, Aug 16, 2019 at 8:49 AM Remi Gacogne wrote: > Hi Brian, > > On 8/15/19 3:35 PM, Brian Sullivan wrote: > > Enclosed is the pcap file > > >

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-16 Thread Brian Sullivan
Hi Remi, Thanks for your insight ... Regards, brian On Fri, Aug 16, 2019 at 9:29 AM Remi Gacogne wrote: > > On 8/16/19 3:04 PM, Brian Sullivan wrote: > > Yes my bad ... I missed that. Just a thought, next time the > > documentation is updated, Section 5.1.1 Examples and

[dnsdist] Sending additional info from dnsdist to recursor

2019-08-19 Thread Brian Sullivan
Hi All, I have read through the documentation and maybe I missed this. Is there a way to signal additional information from dnsdist to pdns recursor? For example, I'd like when a rate limiter triggers to tag the query somehow so that in the recursor I could do some special processing. Open to any

[dnsdist] ComboAddress truncate function?

2019-08-28 Thread Brian Sullivan
Hi All, I am trying to use the truncate function associated with the ComboAddress object. Here is the config: *-- Any traffic that exceeds max qps will be logged function rateLimitRule(dq) dq.remoteaddr:truncate(24) errlog("Rate Limit Exceeded: DNSDistRateLimiting "..dq.remoteaddr:toString(

Re: [dnsdist] ComboAddress truncate function?

2019-08-28 Thread Brian Sullivan
ction.None, ""end* Regards, brian On Wed, Aug 28, 2019 at 11:35 AM Brian Sullivan wrote: > Hi All, > > I am trying to use the truncate function associated with the CombAddress > object. > > Here is the config: > > > > > > > *-- Any traffic tha

[dnsdist] Dynamic Rule Block Logs Host Address

2019-08-29 Thread Brian Sullivan
Hi, When I use a dynamic rule block and it gets triggered I see a log message as follows: *dnsdist[15542]: Inserting dynamic block for 10.51.76.142 for 10 seconds: Exceeded Query Rate* Is there a way to truncate the IP Address? It is considered PII and we are required to not log any PII. Regards

[dnsdist] minTLSVersion Testing

2019-09-04 Thread Brian Sullivan
Hi All, Works great! Thanks for putting this in 1.4! There is one minor issue ... the documentation is incorrect. minTLSVersion: str - Minimum version of the TLS protocol to support. Possible values are ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’ and ‘tls-1.3’. The strings should not have the dash in them.

[dnsdist] Is dnsdist FIPS 140-2 Compliant?

2019-09-17 Thread Brian Sullivan
Hi All, I have a question from our compliance team, is dnsdist FIPS 140-2 compliant? thanks, brian -- Brian M. Sullivan Senior Staff Security Intelligence Engineer bsulli...@lookout.com | www.lookout.com

Re: [dnsdist] Is dnsdist FIPS 140-2 Compliant?

2019-09-17 Thread Brian Sullivan
brian On Tue, Sep 17, 2019 at 9:44 AM Stephane Bortzmeyer wrote: > On Tue, Sep 17, 2019 at 09:14:54AM -0400, > Brian Sullivan wrote > a message of 57 lines which said: > > > I have a question from our compliance team, is dnsdist FIPS 140-2 > compliant? > > I thought

[dnsdist] SNMP Support

2019-11-22 Thread Brian Sullivan
Hi, I am trying to configure the snmpAgent in dnsdist and get the following log message. NET SNMP support is required to use snmpAgent() I am running dnsdist 1.4.0-rc5. I assume that NET SNMP support is not provided in this release. What do I need to do to get NET SNMP support? Thanks, brian --

Re: [dnsdist] SNMP Support

2019-11-25 Thread Brian Sullivan
not found, but is mandatory lua does exist in /usr/local/lib/liblua.a Any help would be greatly appreciated. thanks, brian On Sat, Nov 23, 2019 at 11:12 AM Aleš Rygl wrote: > On 22. 11. 19 20:08, Chris Hofstaedtler | Deduktiva wrote: > > * Brian Sullivan [191122 17:18]: > >>

[dnsdist] DNS over TCP Idle Timeout

2019-12-13 Thread Brian Sullivan
Hi All, I think I know the answer after looking at the code base but just wanted someone to confirm. Does DNS Dist have a hard coded idle timeout on DNS over TCP connections which is not configurable? I was hoping to adjust this timeout based on our application. Thanks, Brian -- Brian M. S

Re: [dnsdist] DNS over TCP Idle Timeout

2019-12-16 Thread Brian Sullivan
Hi Remi, Thanks! That works great. My bad for missing that in the doc. Regards, brian On Mon, Dec 16, 2019 at 6:34 AM Remi Gacogne wrote: > Hi, > > On 12/13/19 9:55 PM, Brian Sullivan wrote: > > I think I know the answer after looking at the code base but just wanted > >

[dnsdist] Latency Stats Not Updating?

2019-12-20 Thread Brian Sullivan
Hi, I am using version 1.4.0 of dnsdist. When I query for json stats, it appears that the latency stats aren't updated. Is there something I need to do to enable them? Regards, brian "latency-avg100": 0, "latency-avg1000": 0, "latency-avg1": 0, "latency-avg100": 0, "

Re: [dnsdist] Latency Stats Not Updating?

2019-12-20 Thread Brian Sullivan
500, > Brian Sullivan wrote > a message of 83 lines which said: > > > I am using version 1.4.0 of dnsdist. > > Me too, and I didn't enable anything special. > > "latency-avg100": 108417.14787735096, > "latency-avg1000": 120915.8

Re: [dnsdist] Latency Stats Not Updating?

2019-12-20 Thread Brian Sullivan
Hi, Does dnsdist not calculate latency for DNS over TCP? Regards, brian On Fri, Dec 20, 2019 at 11:26 AM Brian Sullivan wrote: > I am envious :-) ... I have the smallest possible config file so I have > no idea why this is happening. I am running on Ubuntu16.04. > > Any id

[dnsdist] DoH Error

2020-03-06 Thread Brian Sullivan via dnsdist
Hi, I am playing with DoH and tried an experiment. I ran the command curl -H 'accept: application/dns-message' -v 'https://cloudflare-dns.com/dns-query?dns=q80BAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump and got a valid response. I then pointed it to my dnsdist instance and see this in

Re: [dnsdist] DoH Error

2020-03-06 Thread Brian Sullivan via dnsdist
Please disregard my previous email ... I figured it out. On Fri, Mar 6, 2020 at 9:43 AM Brian Sullivan wrote: > Hi, > > I am playing with DoH and tried an experiment. > I ran the command > > curl -H 'accept: application/dns-message' -v ' > http