Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1
Hi Remi,

Yes my bad ... I missed that. Just a thought, next time the documentation is updated, Section 5.1.1 Examples and Section 15.6 Rules for traffic exceeding QPS limits could both use a note that it is UDP only. Since it is such a simple action, I didn't even look at the reference.

What do you think of this alternative, I could use the same MaxQPSIPRule rule and tag the query and pass it along to the recursor. In a Lua script I could check the tag and add a delay. I need to read up on it .. but I am assuming the Lua processing is multithreaded?

I could also add a second MaxQPSIPRule with a higher qps value and add a DropAction to protect the recursor.

Thanks for your quick response,

Regards,
brian

On Fri, Aug 16, 2019 at 8:49 AM Remi Gacogne wrote:
> Hi Brian,
>
> On 8/15/19 3:35 PM, Brian Sullivan wrote:
> > Enclosed is the pcap file
> >
> > My assumption is that I should have seen a 1 second delay added to
> > queries 3 - 10. Or at least some subset of them since the first delay
> > would have throttled the dns test client.
>
> Looking at the PCAP, it seems that you are sending your queries over
> TCP. I'm afraid DelayAction() is UDP-only at the moment. I believe it's
> mentioned in the documentation but perhaps we should make that clearer :-/
>
> Best regards,
> --
> Remi Gacogne
> PowerDNS BV - https://www.powerdns.com/

--
Brian M. Sullivan
Senior Staff Security Intelligence Engineer
bsulli...@lookout.com | www.lookout.com
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
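The two-threshold setup proposed in the message above, written out as a dnsdist configuration fragment. This is an added example, not part of the thread or of the dnsdist documentation; the backend address, the 20 qps drop threshold and the explicit TCPRule(false) guard are assumptions.

```lua
-- Added example: dnsdist configuration fragment (Lua), not from the thread.

-- Placeholder backend (documentation address range), stands in for the recursor.
newServer({address="192.0.2.53:53"})

-- Soft limit, same thresholds as the rule in the thread: more than 2 qps
-- per client (IPv4 grouped by /32, IPv6 by /48) delays the response by 500 ms.
-- DelayAction() only takes effect for UDP queries, so the TCPRule(false)
-- guard (an assumption of this example) states that scope in the rule itself
-- instead of leaving TCP clients silently unthrottled.
addAction(AndRule({TCPRule(false), MaxQPSIPRule(2, 32, 48)}), DelayAction(500))

-- Hard limit: a second MaxQPSIPRule with a higher threshold (20 qps is an
-- assumed value) drops the excess before it reaches the backend. This rule
-- has no protocol guard, so it covers TCP as well as UDP. Rule processing
-- continues after DelayAction(), so a delayed UDP query is still evaluated
-- against this rule.
addAction(MaxQPSIPRule(20, 32, 48), DropAction())
```

Only the response to the client is delayed by DelayAction(); the query is still forwarded to the backend immediately, which is why the drop rule is what protects the recursor.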
Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1
Hi Brian,

On 8/15/19 3:35 PM, Brian Sullivan wrote:
> Enclosed is the pcap file
>
> My assumption is that I should have seen a 1 second delay added to
> queries 3 - 10. Or at least some subset of them since the first delay
> would have throttled the dns test client.

Looking at the PCAP, it seems that you are sending your queries over TCP. I'm afraid DelayAction() is UDP-only at the moment. I believe it's mentioned in the documentation but perhaps we should make that clearer :-/

Best regards,
--
Remi Gacogne
PowerDNS BV - https://www.powerdns.com/
Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1
Hi Brian,

On 8/13/19 7:28 PM, Brian Sullivan wrote:
> I am running dnsdist 1.4.0-rc1 and I am seeing something odd. As a test
> I have the following rule configured.
>
> addAction(MaxQPSIPRule(2, 32, 48), DelayAction(500))
>
> and I run 100 queries at 10 per second and my statistics from my client
> are as follows:
>
> Statistics for data/input/input1: min = 52.35 ave = 59.13 max = 131.05
>
> The following is a snippet from the webserver
>
> Screen Shot 2019-08-13 at 1.27.56 PM.png
>
> Any ideas on what is going on?

It's hard to say without knowing exactly how the client sends the queries, in particular whether it waits for an answer before sending the next query. Perhaps a network capture would help?

Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
[dnsdist] DelayAction with dnsdist 1.4.0-rc1
Hi,

I am running dnsdist 1.4.0-rc1 and I am seeing something odd. As a test I have the following rule configured.

addAction(MaxQPSIPRule(2, 32, 48), DelayAction(500))

and I run 100 queries at 10 per second and my statistics from my client are as follows:

Statistics for data/input/input1: min = 52.35 ave = 59.13 max = 131.05

The following is a snippet from the webserver

[image: Screen Shot 2019-08-13 at 1.27.56 PM.png]

Any ideas on what is going on?

Thanks,
brian

--
Brian M. Sullivan
Senior Staff Security Intelligence Engineer
bsulli...@lookout.com | www.lookout.com