Re: Bind stats - denied queries?

2020-12-01 Thread Karl Pielorz
--On 1 December 2020 at 10:30:21 -0600 Chuck Aurora wrote: As for the wrong question - I don't get why it's 'wrong' to ask if there's a better way of getting the total number of "denied" entries Sorry, I skimmed the post quickly and thought you simply were asking about parsing the stats

Re: Bind stats - denied queries?

2020-12-01 Thread Chuck Aurora
On 2020-12-01 10:25, Karl Pielorz wrote: --On 1 December 2020 at 10:14:50 -0600 Chuck Aurora wrote: On 2020-12-01 04:43, Karl Pielorz wrote: So, as the original person that posted the question :) My question still stands (I'd never presumed this was valid traffic) - what I'm trying to

Re: Bind stats - denied queries?

2020-12-01 Thread Karl Pielorz
--On 1 December 2020 at 10:14:50 -0600 Chuck Aurora wrote: On 2020-12-01 04:43, Karl Pielorz wrote: So, as the original person that posted the question :) My question still stands (I'd never presumed this was valid traffic) - what I'm trying to find out if buried within the trove of stats

Re: RRL outcome on legitimate traffic...

2020-12-01 Thread Lyle Giese
Probably best to ask Paul Vixie for confirmation. I had implemented RRL when it was still an addon and that was what was documented back then. On 12/1/20 10:15 AM, Karl Pielorz wrote: --On 1 December 2020 at 08:24:50 -0600 Lyle Giese wrote: You need to look at the reply named sends

Re: RRL outcome on legitimate traffic...

2020-12-01 Thread Karl Pielorz
--On 1 December 2020 at 08:24:50 -0600 Lyle Giese wrote: You need to look at the reply named sends when it trips and starts limiting UDP traffic source from a given IP address.  It tells the requestor to try again using TCP instead of UDP. So if the requestor is a legit dns server, it

Re: Bind stats - denied queries?

2020-12-01 Thread Chuck Aurora
On 2020-12-01 04:43, Karl Pielorz wrote: So, as the original person that posted the question :) My question still stands (I'd never presumed this was valid traffic) - what I'm trying to find out if buried within the trove of stats produced by 'rndc stats' is there any counter, that counts: "

Re: RRL outcome on legitimate traffic...

2020-12-01 Thread Lyle Giese
You need to look at the reply named sends when it trips and starts limiting UDP traffic source from a given IP address.  It tells the requestor to try again using TCP instead of UDP. So if the requestor is a legit dns server, it will retry using TCP and still get a valid answer. Named does

RRL outcome on legitimate traffic...

2020-12-01 Thread Karl Pielorz
Hi all, So there's been quite a thread - that originally started as "Bind stats - denied queries" - and morphed into a whole discussion on spoofed UDP, logging, RRL etc. In my original post - I never said the original traffic was likely legitimate in any way (just so we're clear - I didn't

Re: Bind stats - denied queries?

2020-12-01 Thread Karl Pielorz
--On 30 November 2020 at 08:53:27 -0600 Lyle Giese wrote: Be careful 'rejecting' these outright.  These queries are UDP traffic (not TCP) and the source address is easily forged.  RRL is the correct way to limit these. So, as the original person that posted the question :) My question

RE: Bind stats - denied queries?

2020-12-01 Thread Marc Roos
Every entry is relevant, because that is how you configured it to be. Do you even know that this limit is configured in your config at 'rate-limit {};'? It logs everything that exceeds this limit. (<- notice the . period) So you can dump queries from a host 192.168.a.b, exceeding this limit