Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
On 13.09.2012 14:01, Mark Scholten wrote: I am confused about the results in >http://mailman.powerdns.com/pipermail/pdns-dev/2012-June/001179.html It >seems that powerdns is slower without the LUA rate limiting script. What do I >miss here? > >Not sure - perhaps Mark can clarify. If the LU

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
On 13.09.2012 12:11, Peter van Dijk wrote: Hello Klaus, On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: Interesting. Is the hook executed before or after the caches? The hook is executed after the caches, currently. I do not feel the current hook implementation is suitable for RRL produ

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Thomas Mieslinger
Hi, I don't really like the idea to add more complexity to powerdns when I can have a solution right now with using firewall rules in the kernel. I'm sure it has a considerable performance impact if powerdns needs a counter with last updated timestamp for each and every source ip. These list

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Mark Scholten
Hello Peter and Klaus, Sent: 13 September, 2012 12:11 by Peter van Dijk: > > On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: > > > Interesting. > > > > Is the hook executed before or after the caches? > > The hook is executed after the caches, currently. I do not feel the current > hook imple

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Peter van Dijk
Hello Klaus, On Sep 13, 2012, at 12:09 , Klaus Darilion wrote: > Interesting. > > Is the hook executed before or after the caches? The hook is executed after the caches, currently. I do not feel the current hook implementation is suitable for RRL production; I do think it's a great playground

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-13 Thread Klaus Darilion
Interesting. Is the hook executed before or after the caches? I am confused about the results in http://mailman.powerdns.com/pipermail/pdns-dev/2012-June/001179.html It seems that powerdns is slower without the LUA rate limiting script. What do I miss here? Is there also a reliable filterin

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-12 Thread Peter van Dijk
Hello Klaus, On Sep 12, 2012, at 16:54 , Klaus Darilion wrote: > Are there any plans to implement DNS RRL > (http://www.redbarn.org/dns/ratelimits) or similar for PowerDNS? These DNS > amplification attacks are really annoying. The thread that starts at http://mailman.powerdns.com/pipermail/

Re: [Pdns-users] DNS RRL for PowerDNS

2012-09-12 Thread Jan-Piet Mens
Klaus, > Are there any plans to implement DNS RRL > (http://www.redbarn.org/dns/ratelimits) or similar for PowerDNS? > These DNS amplification attacks are really annoying. asking, just like that without promising anything, won't get you anywhere... ;-) Look at what Paul Vixie promises below ;-)

[Pdns-users] DNS RRL for PowerDNS

2012-09-12 Thread Klaus Darilion
Hi! Are there any plans to implement DNS RRL (http://www.redbarn.org/dns/ratelimits) or similar for PowerDNS? These DNS amplification attacks are really annoying. regards Klaus ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailm