Hi Hamed,

On 07/21/2018 08:08 AM, Hamed Haghshenas wrote:
> For attacks built by Mausezahn with a small src address subnet, it worked fine and blocked every /32 subnet that reached the query rate, but when using a big src subnet like /20 it can't manage the queries and the CPU rate increases.

What is the size of your in-memory ring buffers? The dynamic blocks code uses them to look at recent queries and responses, and to apply the rate limits. If you have a very high number of queries per second, you might need to increase the size of the buffers (see [1]) so we are scanning at least a few seconds of traffic. But more importantly, if you have more than one receiver thread (created with addLocal()) or backend thread (created with newServer()) you'll want to take advantage of the sharding of the buffers introduced in 1.3.0 to limit lock contention.

I have had good results with the following setRingBuffersSize():

setRingBuffersSize(1000000, 500)

It increases the size of the buffers to 1M entries instead of the 10k default, which might be a bit too much depending on your usage, and splits them into 500 shards so a thread is much less likely to be waiting for another one to finish using the buffers.

> Could you please let me know if there is any way to force the dynamic block function to check /24 subnets instead of /32 and, for every /24 src subnet, block the /24 subnet if the query rate is exceeded. For example, for 10.10.10.0/24, if the query rate exceeds 10 for 10s then block 10.10.10.0/24.

I'm afraid there is currently no way to do that with dnsdist. Please feel free to open a new feature request at [2] so we remember to look into it.

[1]: https://dnsdist.org/reference/config.html#setRingBuffersSize
[2]: https://github.com/PowerDNS/pdns/issues/new

Best regards,
Remi

> -----Original Message-----
> From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of bert hubert
> Sent: Tuesday, July 17, 2018 3:49 PM
> To: pdns-users@mailman.powerdns.com
> Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection
>
> On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote:
>> Could you please let me know how to handle these large DDOS attacks?
>
> Hi Hamed,
>
> Please take a look at https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup
>
> This is specifically meant for the case of many different IP addresses attacking you.
>
> Good luck!
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
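As an added illustration (not part of Remi's or Bert's messages, and not taken from the dnsdist documentation), here is a dnsdist 1.3.x configuration that puts the two pieces of advice from this thread together: several receiver and backend threads, the larger sharded ring buffers, and a DynBlockRulesGroup that rate-limits individual source addresses. Listen and backend addresses, thresholds and block durations are placeholders to adapt to your deployment; per-/24 blocking is not configured because, as stated above, this version has no option for it.

```lua
-- Added example configuration, not from the thread or the dnsdist docs.
-- Addresses and thresholds below are placeholders (RFC 5737 ranges).

-- Two receiver threads: each addLocal() creates one.
addLocal("192.0.2.53:53", {reusePort=true})
addLocal("192.0.2.53:53", {reusePort=true})

-- Two backend threads: each newServer() creates one.
newServer({address="198.51.100.10:53", name="auth1"})
newServer({address="198.51.100.11:53", name="auth2"})

-- Default rings hold 10000 entries in a single shard, so every receiver and
-- backend thread contends for the same lock and, at a high query rate, the
-- dynamic block code sees far less than a second of traffic. Keep about 1M
-- recent queries/responses and split them into 500 shards, as suggested above.
setRingBuffersSize(1000000, 500)

-- Dynamic blocks act on single source addresses (/32 or /128).
local dbr = dynBlockRulesGroup()
-- A client averaging more than 30 qps over the last 10 s is blocked for 60 s.
dbr:setQueryRate(30, 10, "Exceeded query rate", 60)
-- NXDOMAIN floods are measured on responses: more than 20/s over 10 s -> 60 s block.
dbr:setRCodeRate(dnsdist.NXDOMAIN, 20, 10, "Exceeded NXDOMAIN rate", 60)
-- Drop queries from blocked clients instead of answering them.
setDynBlocksAction(DNSAction.Drop)

-- dnsdist calls maintenance() about once per second; apply() walks the rings
-- and inserts the dynamic blocks, which expire on their own.
function maintenance()
  dbr:apply()
end
```

Watch the effect with showDynBlocks() on the console and by comparing the CPU usage of dnsdist before and after enlarging the rings, since a buffer that is too small simply never sees enough traffic to trigger a block.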