Dear Bert,

Hi, and thanks for your solution.

I configured dnsdist like below:

    setLocal("172.16.1.98:53", {reuseport=true})
    addLocal('127.0.0.1:53')
    newServer("127.0.0.1:5300")
    newServer("172.16.1.106:5300")
    setACL({'0.0.0.0/0'})
    addAction(MaxQPSIPRule(2, 24, 48), DropAction())
    carbonServer("172.16.1.166", "web45-dnsdist")
    controlSocket('127.0.0.1:5199')
    setConsoleACL('127.0.0.0/24')
    setKey("6mJMt0+Bh7nmtCd0hzxvA5UtsywEpfTq8V4uvWYequc=")
    webserver("172.16.1.98:8083", "Chav00sh", "6mJMt0+Bh7")

I use Mausezahn to simulate DoS and DDoS attacks. When I check the webserver and my Metronome, under the DoS attack it does well and the CPU rate is low, but when I make a DDoS attack with random source IP addresses the CPU increases to 90%, many queries are dropped, and the match rule is not effective.

Could you please let me know how to handle these large DDoS attacks? Can using the eBPF kernel filter manage DDoS?

Note: I use this command to make the DDoS attack:

    mz eno16777728 -A rand -B 172.16.1.98 -t dns "q=geo.web45.ir" -c 0 -d 1 -4

BR,
Hamed Haghshenas

-----Original Message-----
From: bert hubert [mailto:bert.hub...@powerdns.com]
Sent: Saturday, July 7, 2018 4:39 PM
To: Hamed Haghshenas <haghshe...@chavoosh.com>
Cc: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

On Sat, Jul 07, 2018 at 03:49:16PM +0430, Hamed Haghshenas wrote:
> I'm using PDNS Authoritative Server 4.1.3; today I see my server not
> responding, with errors or timeouts on resolves.

Hi Hamed,

What you can best do is install dnsdist and put it in front of your authoritative servers. Try this dnsdist.conf, assuming your auth server will listen on 127.0.0.1 and your current auth server IP is 1.2.3.4:

    newServer("127.0.0.1")
    setLocal("1.2.3.4")
    addAction(MaxQPSIPRule(10), DropAction())

This restricts each individual IP address to 10 queries per second.

I also recommend you set up the internal webserver, which will give you a good feel for what is going on: https://dnsdist.org/guides/webserver.html

If you don't want to drop, you can also shift traffic to TCP, which stops most attacks:

    addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction())

If this is not enough, you could use the eBPF kernel-based limits as described in https://dnsdist.org/advanced/ebpf.html

This allows you to filter like 20gbit/s of unwanted traffic if need be, but it does require a recent kernel.

Good luck!

> When I check the server I see too many DNS requests from some IPs from
> Brazil, like a DDoS attack. To fix the errors and timeouts, I blocked the
> attacker subnet in my firewall.
>
> Now could you please let me know how to protect my server from DoS and
> DDoS attacks?
>
> Best Regards,
>
> Hamed Haghshenas
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
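A fuller dnsdist.conf along the lines Bert describes, added here as an example (it is not from this thread and not PowerDNS project code): it keeps the per-source limit but answers excess UDP with TC instead of dropping, adds a global ceiling for the random-source case where per-IP counting stops helping, and wires in the eBPF filter with dynamic blocks. Function names follow the dnsdist 1.3-era documentation (newBPFFilter, setDefaultBPFFilter, addBPFFilterDynBlocks, exceedQRate, maintenance); the 192.0.2.x addresses, thresholds and credentials are placeholders.

```lua
-- dnsdist.conf (example; addresses, thresholds and credentials are placeholders)
-- Same layout as in the thread: dnsdist listens on :53, auth servers on :5300.
setLocal("192.0.2.10:53", {reuseport=true})
newServer({address="127.0.0.1:5300", name="auth-local"})
newServer({address="192.0.2.20:5300", name="auth-2"})
setACL({"0.0.0.0/0", "::/0"})

-- 1) Per-source limit: above 10 qps from one address, answer UDP with TC
--    rather than dropping. Real resolvers retry over TCP; spoofed sources
--    never complete the TCP handshake, so the backend does no work for them.
addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction())

-- 2) Global ceiling: a flood from random spoofed sources sends one query per
--    address, so per-IP rules never fire and only fill their tables. Bound
--    total work by dropping whatever exceeds 20000 qps across the frontend.
addAction(MaxQPSRule(20000), DropAction())

-- 3) eBPF socket filter: blocked sources are discarded in the kernel before
--    dnsdist copies the packet to userspace. Table sizes: 10000 IPv4 entries,
--    1000 IPv6 entries, 100 qnames.
bpf = newBPFFilter(10000, 1000, 100)
setDefaultBPFFilter(bpf)

-- maintenance() is called by dnsdist every second: any address that exceeded
-- 30 q/s over the last 10 s is added to the eBPF block table for 60 s.
function maintenance()
  addBPFFilterDynBlocks(exceedQRate(30, 10), bpf, 60)
end

-- Observability and control, bound to loopback / a management address only.
controlSocket("127.0.0.1:5199")
setKey("<key generated with makeKey()>")
webserver("127.0.0.1:8083", "<web-password>", "<api-key>")
carbonServer("192.0.2.30", "dnsdist-example")
```

As the thread notes, the eBPF part needs a recent kernel; the TC and global-ceiling lines work without it.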