Hello,

please find a very simple example rate limiting script below.

Script limitations:
- os.time() is an integer so the cutoffs may be staggered in practice
- remotes never get cleared from the ips table

Prequery hook limitations:
- as mentioned before (I think), there is a script instance per
distributor-thread; set to 1 for easiest testing (so all invocations share the
same global data). I will work on making data (or just the script instance)
shared between threads
- TCP queries do not pass prequery at all, currently

ips = {}     -- remote address -> {second, number of queries seen in that second}
limit = 10   -- queries allowed per remote per second

function prequery ( dnspacket )
        -- pdnslog ("prequery called for ".. tostring(dnspacket) )
        local remote = dnspacket:getRemote()
        local time = os.time()
        -- first query from this remote, or a new second: start a fresh window
        if not ips[remote] or ips[remote][1] ~= time
        then
                ips[remote]={time,0}
        end
        local count = ips[remote][2] + 1
        if count > limit
        then
                -- over quota: answer REFUSED and stop further processing
                dnspacket:setRcode(pdns.REFUSED)
                pdnslog ("remote "..remote.." is over quota")
                return true
        end
        ips[remote][2]=count
        pdnslog("remote "..remote.." has asked "..count.." queries this second")
        return false
end



Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
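As an added example (not part of Peter's message or of PowerDNS itself), here is the same per-second counter with the two script limitations he lists addressed: idle remotes are swept out of the table, and the clock is injectable so the per-second cutoff can be tested deterministically. The prequery/getRemote/setRcode/pdns.REFUSED/pdnslog names are those used above; the sweep interval, the stubs and the sample addresses are constructed for the harness.

```lua
-- Added example, not Peter's script: same per-second counter per remote, but
-- it refuses at `limit`, sweeps idle remotes out of `ips`, and reads the clock
-- via `clock` so the constructed harness below can freeze time (stubs there).
local limit = 10          -- queries per remote per second
local sweep_every = 60    -- assumed: seconds between sweeps of idle remotes
local ips = {}            -- remote -> {second, count}
local clock = os.time
local last_sweep = 0

-- Forget remotes whose last window is older than the current second.
local function sweep(now)
  for remote, entry in pairs(ips) do
    if entry[1] < now then ips[remote] = nil end
  end
  last_sweep = now
end

function prequery(dnspacket)
  local remote = dnspacket:getRemote()
  local now = clock()
  if now - last_sweep >= sweep_every then sweep(now) end
  local entry = ips[remote]
  if not entry or entry[1] ~= now then   -- new remote, or a new second
    entry = {now, 0}
    ips[remote] = entry
  end
  entry[2] = entry[2] + 1
  if entry[2] > limit then
    dnspacket:setRcode(pdns.REFUSED)
    pdnslog("remote " .. remote .. " is over quota")
    return true                          -- PowerDNS sends the packet back as-is
  end
  return false                           -- let normal processing continue
end

-- Constructed stubs standing in for the PowerDNS Lua environment.
pdns = { REFUSED = 5 }
function pdnslog(msg) print(msg) end
local function packet(remote)
  return { getRemote = function() return remote end,
           setRcode = function(self, r) self.rcode = r end }
end
local second = 1000
clock = function() return second end    -- frozen clock: no staggered cutoff
local refused = 0
for _ = 1, 12 do if prequery(packet("192.0.2.1")) then refused = refused + 1 end end
assert(refused == 2, "10 pass, 2 refused within one second")
second = second + 1
assert(prequery(packet("192.0.2.1")) == false, "counter resets next second")
second = second + sweep_every
prequery(packet("192.0.2.2"))
assert(ips["192.0.2.1"] == nil, "idle remote swept after sweep_every seconds")
```

Run it with plain `lua`; inside PowerDNS the stub section at the bottom is dropped and `clock` stays as `os.time`.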

_______________________________________________
Pdns-dev mailing list
http://mailman.powerdns.com/mailman/listinfo/pdns-dev