Hi,

Is there any update here? Could anyone help me with this?

BR,
Hamed Haghshenas

-----Original Message-----
From: Hamed Haghshenas [mailto:haghshe...@chavoosh.com]
Sent: Saturday, July 21, 2018 10:38 AM
To: 'pdns-users@mailman.powerdns.com' <pdns-users@mailman.powerdns.com>
Subject: RE: [Pdns-users] PDNS Authoritative Server DDOS Protection

Hi Bert,

Thanks for your solution. I use it as below:

    local dbr = dynBlockRulesGroup()
    -- arguments: rate, window in seconds, reason, block duration in seconds
    dbr:setQueryRate(3, 10, "Exceeded query rate", 60)
    dbr:setRCodeRate(dnsdist.NXDOMAIN, 3, 10, "Exceeded NXD rate", 60)
    dbr:setRCodeRate(dnsdist.SERVFAIL, 3, 10, "Exceeded ServFail rate", 60)
    dbr:setQTypeRate(dnsdist.ANY, 3, 10, "Exceeded ANY rate", 60)
    dbr:setResponseByteRate(5000, 10, "Exceeded resp BW rate", 60)

    function maintenance()
      dbr:apply()
    end

For attacks built by Mausezahn with a small source address subnet, it worked fine and blocked every /32 that reached the query rate. But when using a big source subnet like a /20, it can't manage the queries and the CPU rate increases.

Could you please let me know whether there is any way to force the dynamic block function to check the /24 subnet instead of the /32 and, for every /24 source subnet, block the /24 subnet if the query rate is exceeded? For example, for 10.10.10.0/24, if the query rate exceeds 10 for 10s, then block 10.10.10.0/24.

BR,
Hamed Haghshenas

-----Original Message-----
From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of bert hubert
Sent: Tuesday, July 17, 2018 3:49 PM
To: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote:
> Could you please let me know how to handle these large DDOS attacks?

Hi Hamed,

Please take a look at
https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup

This is specifically meant for the case of many different IP addresses attacking you.

Good luck!

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
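
The per-/24 accounting asked about in the thread above, as an added illustration that is not part of any message in the thread and is not dnsdist code: a sliding-window rate counter keyed by source prefix, run over constructed traffic from 256 hosts in 10.10.10.0/24. The class name, `simulate` helper and addresses are assumptions made for this example; IPv4 only.

```python
import ipaddress
from collections import defaultdict, deque

class PrefixRateBlocker:
    """Sliding-window query-rate accounting keyed by source prefix."""

    def __init__(self, v4_bits=24, rate=10, window=10, block_for=60):
        self.v4_bits = v4_bits        # 32 = per-address, 24 = per-/24
        self.rate = rate              # queries/second averaged over window
        self.window = window          # seconds
        self.block_for = block_for    # seconds a prefix stays blocked
        self.seen = defaultdict(deque)  # prefix -> timestamps inside window
        self.blocked = {}               # prefix -> block expiry time

    def key(self, src):
        # strict=False masks the host bits: 10.10.10.7 -> 10.10.10.0/24
        return ipaddress.ip_network(f"{src}/{self.v4_bits}", strict=False)

    def observe(self, ts, src):
        """Record one query; return False if its prefix is blocked."""
        prefix = self.key(src)
        if self.blocked.get(prefix, 0) > ts:
            return False
        q = self.seen[prefix]
        q.append(ts)
        while q and q[0] <= ts - self.window:
            q.popleft()               # expire samples older than the window
        if len(q) / self.window > self.rate:
            self.blocked[prefix] = ts + self.block_for
            q.clear()
        return True

def simulate(bits):
    """Constructed traffic: 256 hosts in one /24 at 1 qps each for 10 s,
    plus one unrelated client (192.0.2.53) at 1 qps."""
    blocker, dropped = PrefixRateBlocker(v4_bits=bits), 0
    for sec in range(10):
        for host in range(256):
            if not blocker.observe(sec, f"10.10.10.{host}"):
                dropped += 1
        blocker.observe(sec, "192.0.2.53")
    return blocker, dropped

if __name__ == "__main__":
    for bits in (32, 24):
        b, dropped = simulate(bits)
        print(bits, [str(p) for p in b.blocked], dropped, len(b.seen))
```

With per-address keys no single source crosses the threshold and 257 counters are kept; with /24 keys the whole prefix is blocked within the first second and only two counters exist.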