Re: [Pdns-users] Pipe & Slave

2012-09-13 Thread Mikhail Nasonov
Hello! Thank you for your reply. Yes, it works. AXFR ACLs I need to do it myself in backend? If I enable "master=yes" in pdns.conf, will PowerDNS send notifications to NS servers? In PowerDNS documentation (http://doc.powerdns.com/backends-detail.html#pipebackend): Master No Slave No 12

Re: [Pdns-users] Fwd: DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
Hi Jörg! On 13.09.2012 14:17, joerg jungermann wrote: Hi Klaus! Are there any plans to implement DNS RRL (http://www.redbarn.org/dns/ratelimits) or similar for PowerDNS? These DNS amplification attacks are really annoying. Yes, this might be a nice feature. As DNS traffic regularly constist

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
On 13.09.2012 14:01, Mark Scholten wrote: I am confused about the results in >http://mailman.powerdns.com/pipermail/pdns-dev/2012-June/001179.html It >seems that powerdns is slower without the LUA rate limiting script. What do I >miss here? > >Not sure - perhaps Mark can clarify. If the LU

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
On 13.09.2012 12:11, Peter van Dijk wrote: Hello Klaus, On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: Interesting. Is the hook executed before or after the caches? The hook is executed after the caches, currently. I do not feel the current hook implementation is suitable for RRL produ

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Thomas Mieslinger
Hi, I don't really like the idea to add more complexity to powerdns when I can have a solution right now with using firewall rules in the kernel. I'm sure it has a considerable performance impact if powerdns needs a counter with last updated timestamp for each and every source ip. These list

Re: [Pdns-users] Fwd: DNS RRL for PowerDNS

2012-09-13 Thread joerg jungermann
Hi Klaus! > Are there any plans to implement DNS RRL > (http://www.redbarn.org/dns/ratelimits) or similar for PowerDNS? These > DNS amplification attacks are really annoying. Yes, this might be a nice feature. As DNS traffic regularly consists of a lot of small UDP packets, that have to be tran

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Mark Scholten
Hello Peter and Klaus, Sent: 13 September, 2012 12:11 by Peter van Dijk: > > On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: > > > Interesting. > > > > Is the hook executed before or after the caches? > > The hook is executed after the caches, currently. I do not feel the current > hook imple

[Pdns-users] TXT record parsing errors due to special characters

2012-09-13 Thread Klaus Darilion
Hi! We use pdns 3.1 (2607) as slave and we see several errors like: pdns[777]: Exception building answer packet (Unable to parse DNS TXT '"v=spf1 a include:spf.emailfiltering.com –all"') sending out servfail The TXT record looks good: regdns=# select content from records where type = 'TXT' A

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Peter van Dijk
Hello Klaus, On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: > Interesting. > > Is the hook executed before or after the caches? The hook is executed after the caches, currently. I do not feel the current hook implementation is suitable for RRL production; I do think it's a great playground

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
Interesting. Is the hook executed before or after the caches? I am confused about the results in http://mailman.powerdns.com/pipermail/pdns-dev/2012-June/001179.html It seems that powerdns is slower without the LUA rate limiting script. What do I miss here? Is there also a reliable filterin