[dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-13 Thread Brian Sullivan
Hi, I am running dnsdist 1.4.0-rc1 and I am seeing something odd. As a test I have the following rule configured. addAction(MaxQPSIPRule(2, 32, 48), DelayAction(500)) and I run 100 queries at 10 per second and my statistics from my client are as follows: Statistics for data/input/input1: min =

[dnsdist] Feature Request?

2019-08-13 Thread Brian Sullivan
Hi, I'd like to know where I should submit a feature request and what that process might be? Thanks, brian -- Brian M. Sullivan Senior Staff Security Intelligence Engineer bsulli...@lookout.com | www.lookout.com ___ dnsdist mailing list

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-16 Thread Brian Sullivan
Hi Remi, Thanks for your insight ... Regards, brian On Fri, Aug 16, 2019 at 9:29 AM Remi Gacogne wrote: > > On 8/16/19 3:04 PM, Brian Sullivan wrote: > > Yes my bad ... I missed that. Just a thought, next time the > > documentation is updated, Section 5.1.1 Examples and

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-16 Thread Brian Sullivan
with a higher qps value and add a DropAction to protect the recursor. Thanks for your quick response, Regards, brian On Fri, Aug 16, 2019 at 8:49 AM Remi Gacogne wrote: > Hi Brian, > > On 8/15/19 3:35 PM, Brian Sullivan wrote: > > Enclosed is the pcap file > > > >

Re: [dnsdist] Feature Request?

2019-08-14 Thread Brian Sullivan
Remi Gacogne wrote: > Hi Brian, > > On 8/13/19 4:49 PM, Brian Sullivan wrote: > > I'd like to know where I should submit a feature request and what that > > process might be? > > The usual process is to open a new feature request on our Github > repository [1], f

[dnsdist] Sending additional info from dnsdist to recursor

2019-08-19 Thread Brian Sullivan
Hi All, I have read through the documentation and maybe I missed this. Is there a way to signal additional information from dnsdist to pdns recursor? For example, I'd like when a rate limiter triggers to tag the query somehow so that in the recursor I could do some special processing. Open to any

[dnsdist] ComboAddress truncate function?

2019-08-28 Thread Brian Sullivan
Hi All, I am trying to use the truncate function associated with the ComboAddress object. Here is the config: *-- Any traffic that exceeds max qps will be logged function rateLimitRule(dq) dq.remoteaddr:truncate(24) errlog("Rate Limit Exceeded: DNSDistRateLimiting

[dnsdist] Dynamic Rule Block Logs Host Address

2019-08-29 Thread Brian Sullivan
Hi, When I use a dynamic rule block and it gets triggered I see a log message as follows: *dnsdist[15542]: Inserting dynamic block for 10.51.76.142 for 10 seconds: Exceeded Query Rate* Is there a way to truncate the IP Address? It is considered PII and we are required to not log any PII.

Re: [dnsdist] ComboAddress truncate function?

2019-08-28 Thread Brian Sullivan
ction.None, ""end* Regards, brian On Wed, Aug 28, 2019 at 11:35 AM Brian Sullivan wrote: > Hi All, > > I am trying to use the truncate function associated with the ComboAddress > object. > > Here is the config: > > > > > > > *-- Any traffic tha

[dnsdist] minTLSVersion Testing

2019-09-04 Thread Brian Sullivan
Hi All, Works great! Thanks for putting this in 1.4! There is one minor issue ... the documentation is incorrect. minTLSVersion: str - Minimum version of the TLS protocol to support. Possible values are ‘tls-1.0’, ‘tls-1.1’, ‘tls-1.2’ and ‘tls-1.3’. The strings should not have the dash in

[dnsdist] Is dnsdist FIPS 140-2 Compliant?

2019-09-17 Thread Brian Sullivan
Hi All, I have a question from our compliance team, is dnsdist FIPS 140-2 compliant? thanks, brian -- Brian M. Sullivan Senior Staff Security Intelligence Engineer bsulli...@lookout.com | www.lookout.com

Re: [dnsdist] Is dnsdist FIPS 140-2 Compliant?

2019-09-17 Thread Brian Sullivan
rds, brian On Tue, Sep 17, 2019 at 9:44 AM Stephane Bortzmeyer wrote: > On Tue, Sep 17, 2019 at 09:14:54AM -0400, > Brian Sullivan wrote > a message of 57 lines which said: > > > I have a question from our compliance team, is dnsdist FIPS 140-2 > compliant? > > I thought

Re: [dnsdist] EDNSOptionRule not triggering?

2019-07-31 Thread Brian Sullivan
may not get to this before Friday my time. Thanks, brian On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne wrote: > Hi Brian, > > On 7/31/19 6:57 PM, Brian Sullivan wrote: > > I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are > > using a local/experimental op

[dnsdist] EDNSOptionRule not triggering?

2019-07-31 Thread Brian Sullivan
Hi, I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are using a local/experimental optcode. For example, I have the following in the dnsdist.conf file. addAction(EDNSOptionRule(65002), DropAction()) and I see the rule in the webserver. [image: Screen Shot 2019-07-31 at