On 2020-11-18, mabi <[email protected]> wrote:
>> The DNS RRL techniques typically still reply to a proportion of queries
>> (either directly with the answer, or with a "retry over TCP" response
>> code) reducing impact if the source IP is also used by real queries as
>> well as the attack traffic.
>
> I've been looking into that in the past and as I am using PowerDNS 4.0.3 the
> only valid config parameters I could find and which I already have in place
> are the following:
>
> overload-queue-length=1
> max-tcp-connections=5
>
> There is as far as I know no such parameter as "max-udp-connections".
>

From what I can tell PowerDNS authoritative server doesn't handle this
directly but you can implement it by front-ending with dnsdist. That isn't
OpenBSD-specific so you are better asking on their mailing lists if you
need help with this.
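
The response rate limiting behaviour described in the quoted paragraph (answer a proportion of over-limit queries, or tell the client to retry over TCP), as an added Python example that is not part of the original message and is not PowerDNS or dnsdist code. The class name, the rate, burst and slip parameters, the prefix lengths and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

ANSWER, TRUNCATE, DROP = "answer", "truncate", "drop"

class ResponseRateLimiter:
    """Token bucket per source prefix; every `slip`-th limited reply is sent with TC=1."""

    def __init__(self, rate=5, burst=5, slip=2, v4_prefix=24, v6_prefix=56):
        self.rate, self.burst, self.slip = rate, burst, slip
        self.v4_prefix, self.v6_prefix = v4_prefix, v6_prefix
        self.buckets = {}                   # prefix -> (tokens, last_seen)
        self.over_limit = defaultdict(int)  # prefix -> number of limited replies

    def _prefix(self, src):
        # Spoofed sources are usually limited per network, not per address.
        ip = ipaddress.ip_address(src)
        bits = self.v4_prefix if ip.version == 4 else self.v6_prefix
        return ipaddress.ip_network(f"{src}/{bits}", strict=False)

    def decide(self, src, now, tcp=False):
        # A completed TCP handshake proves the source address is not spoofed,
        # so only UDP replies are limited.
        if tcp:
            return ANSWER
        key = self._prefix(src)
        tokens, last = self.buckets.get(key, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return ANSWER
        self.buckets[key] = (tokens, now)
        self.over_limit[key] += 1
        # A truncated reply is no larger than the query (no amplification),
        # and lets a real client behind the same prefix retry over TCP.
        if self.slip and self.over_limit[key] % self.slip == 0:
            return TRUNCATE
        return DROP

def simulate():
    # Constructed input: 20 UDP queries in one instant from one documentation
    # address, then a TCP query from the same /24 and a UDP query from elsewhere.
    rrl = ResponseRateLimiter(rate=5, burst=5, slip=2)
    results = [rrl.decide("192.0.2.10", now=0.0) for _ in range(20)]
    results.append(rrl.decide("192.0.2.77", now=0.0, tcp=True))
    results.append(rrl.decide("198.51.100.1", now=0.0))
    return results
```
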

