Hi! During random subdomain attacks we often hit the max-queue-length:

pdns_server-customer1[51284]: 5001 questions waiting for database/backend attention. Limit is 5000, respawning

This happens constantly (+50K q/s). Of course we try to filter with 
dnsdist/iptables/... but until our detection and dynamic filtering kick in, 
the attack fully hits PDNS and causes constant respawning. I think this 
respawning causes additional load, backend DOWN/UP in dnsdist, outages during 
"Service hold-off time over".

When the queue is full, instead of respawning, I would like PowerDNS to:
- just stop reading from incoming sockets (Linux input buffer will overflow and 
packets will be dropped), or
- read packets from incoming sockets and discard them, or
- just flush the queue, or
- any other ideas?

Are there any options to avoid respawning but keep the queue-length at a sane 
value?

Thanks
Klaus
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
