Re: [Pdns-users] mongodb backend
2013/6/2 Aki Tuomi cmo...@youzen.ext.b2.fi: Not exactly the same problem. In MongoDB's case, the problem is that both mongodb and polarssl export the same function. This situtation is known as clash. It would not be a problem if they worked the same way, but unfortunately they do not, and for the moment, neither mongodb or polarssl author has renamed their function. Thanks for answers. Is that possible to switch ssl backends from polarssl to gnutls? -- Vasiliy Tolstov, e-mail: v.tols...@selfip.ru jabber: v...@selfip.ru ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] mongodb backend
On Mon, Jun 03, 2013 at 09:57:36AM +0400, Vasiliy Tolstov wrote: 2013/6/2 Aki Tuomi cmo...@youzen.ext.b2.fi: Not exactly the same problem. In MongoDB's case, the problem is that both mongodb and polarssl export the same function. This situtation is known as clash. It would not be a problem if they worked the same way, but unfortunately they do not, and for the moment, neither mongodb or polarssl author has renamed their function. Thanks for answers. Is that possible to switch ssl backends from polarssl to gnutls? If you guys want to run MongoDB, I could recommend using pipe or remotebackend to provide non-native support for it. Writing such script is not very complex. In upcoming 3.3 release of auth, I hope remotebackend will be able to provide with slave features too, which allows one to implement full backend with, say, python script. Aki Tuomi signature.asc Description: Digital signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] mongodb backend
Hello Vasiliy, On Jun 3, 2013, at 7:57 , Vasiliy Tolstov wrote: 2013/6/2 Aki Tuomi cmo...@youzen.ext.b2.fi: Not exactly the same problem. In MongoDB's case, the problem is that both mongodb and polarssl export the same function. This situtation is known as clash. It would not be a problem if they worked the same way, but unfortunately they do not, and for the moment, neither mongodb or polarssl author has renamed their function. Thanks for answers. Is that possible to switch ssl backends from polarssl to gnutls? No, not currently. Besides DNSSEC signing support, we use Polar for various internal purposes. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
Last weekend i had a DNS attack Is there some kind of IDS i can install in front of the pdns installation ? Thanxs for any advice on this. -Oorspronkelijk bericht- Van: Steffan Noord [mailto:steffanno...@gmail.com] Verzonden: zaterdag 1 juni 2013 15:33 Aan: pdns-users@mailman.powerdns.com Onderwerp: dns flood problem Hello list, Last night my server crashed with a high traffic load 100 mb/s When i stop pdns the server is working fine When i start pdns the server is going to 100 mbit incomming traffic Im running pdns-static.i386 3.1-1 all other dns servers running the same config is running fine any idees where to look. Looks like the dns server is under attack Thanks Steffan ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
On 3/6/2013 11:48 πμ, Steffan Noord wrote: Last weekend i had a DNS attack Is there some kind of IDS i can install in front of the pdns installation ? Thanxs for any advice on this. Start from fail2ban. Easy to setup and very effective. Regards, Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
Hello Nick, Do you want to share your config with me. Wat are dns queries that we want to block ? Im starting the logs of pdns on a higher level I see some of these errors Received a malformed qdomain from 194.xx.xx.xx, 'error(2):\032Connection\032to\032service\032failed.xxx.com': sending servfail -Oorspronkelijk bericht- Van: Nikolaos Milas [mailto:nmi...@admin.noa.gr] Verzonden: maandag 3 juni 2013 11:25 Aan: Steffan Noord CC: pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] dns flood problem On 3/6/2013 11:48 πμ, Steffan Noord wrote: Last weekend i had a DNS attack Is there some kind of IDS i can install in front of the pdns installation ? Thanxs for any advice on this. Start from fail2ban. Easy to setup and very effective. Regards, Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
On 3/6/2013 1:10 μμ, Steffan Noord wrote: Hello Nick, Do you want to share your config with me. Wat are dns queries that we want to block ? Im starting the logs of pdns on a higher level I see some of these errors Received a malformed qdomain from 194.xx.xx.xx, 'error(2):\032Connection\032to\032service\032failed.xxx.com': sending servfail Try: http://wiki.sosdg.org/software:fail2ban:bad-qdomain Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Rate limiting IPs or another protection against abuses
On Jun 3, 2013, at 9:08 PM, Fernando Morgenstern wrote: Hi, I have an issue where several IPs are making thousands of MBOXFW requests. This overloads our Mysql backend and crashes our server. I tried to block them manually in our firewall, but there are lots of different IPs. Does Powerdns offers a way to rate limit IPs? Or is there another solution to this issue? Hi Fernando, Right now, we have no internal rate limiting options. For now, that means we recommend using (for example) iptables --limit. We expect this situation to change soon! bert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users