On 30/04/2019 14:57, Filipe Cifali wrote:
Other than that you can put a DNS cache in front of the authoritative to hold off those aggressive queries and give it a nice slab of RAM.
pdns has its own packetcache layer which works very well, but if every query is a different <randomstring>.<yourdomain> then any cache would be forced to pass the query through.
There might be some ways to deal with this. e.g. if <randomstring> is always more than a certain number of characters, dnsdist could filter them out (whilst explicitly whitelisting any other valid names which happen to be the same length)
The trouble is, you do still want to return NXDOMAIN normally to regular typos.
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
