Thanks. I will read in on dnsdist this week. In the past I have tried it but did something wrong in the config. I had pdns and dnsdist on one server. I think it would be better to use a separate VPS for it.
With kind regards,

Steffan Noord

On Mon 23 Oct 2023 10:00, Andreas Danzer via Pdns-users <pdns-users@mailman.powerdns.com> wrote:

> Hello Steffan,
>
> that kind of attack is quite common these days. I would recommend putting your authoritative nameservers behind dnsdist. Dnsdist acts as a DNS firewall, proxy and loadbalancer.
>
> We're running some rulesets on dnsdist that e.g. dynamically block IPs that "produce" unusually high numbers of NXDOMAIN answers with their queries (which is usually the case with IPs taking part in PRSD attacks). You can also limit the number of queries per IP or loadbalance queries to more than one backend DNS node. dnsdist is extremely powerful and versatile and the perfect tool to protect your DNS nodes.
>
> To be able to see which domains are actually attacked, you should not use pdns query logging - it has a big performance impact which makes the situation even worse during an attack. Better use some traffic capturing/sampling tools like pktvisor. It feeds data about the DNS queries to prometheus, which can be visualized with grafana. You can use that same setup (prometheus & grafana) to monitor your dnsdist and pdns installations.
>
> On 20.10.2023 at 15:52, Steffan via Pdns-users wrote:
> > Well, the problem was a small attack targeting a lot of subdomains of a client.
> >
> > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 117.54.16.252 wants 'payments.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a02:2f0e:5fff:ffff::2 wants 'skyline.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a04:c602:409:fe::27 wants 'app3.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
> >
> > It comes from many different IPs and only 3 minutes 150mb/s.
> >
> > I forgot at that time that I had logging on. So it could be that without the logging the DNS would be fast enough to handle it.
> >
> > Average bandwidth load is about 160k/s so no big deal.
> >
> > With kind regards,
> >
> > Steffan Noord
> >
> > -----Original message-----
> > From: Victor Hugo dos Santos <listas....@gmail.com>
> > Sent: Friday 20 October 2023 15:45
> > To: All about using and deploying powerdns <pdns-users@mailman.powerdns.com>
> > CC: steffanno...@gmail.com
> > Subject: Re: [Pdns-users] multi dns server
> >
> > Hello there,
> >
> > The quantity of domains does not necessarily reflect the quantity of queries/load.
> > You can have 5.000 domains with 1.000 QPS or you can have 1 domain with 15.000 QPS !! :-)
> >
> > Anyway, you should monitor your servers and see if this issue is some kind of "normal" stuff or some kind of problem (attack, data leak, misconfiguration, etc). When you detect the problem, then you can decide what to do.
> >
> > About NS3, NS4, it is a totally valid option, not only to balance the queries between servers, but to improve your HA too !!! Nevertheless, you still need to detect where the problem is; if not, you are only going to spend time with the new NS server but the problem will still occur.
> >
> > Let us know what you find.
> >
> > Good luck
> >
> > On Fri, 20 Oct 2023 at 12:01, Steffan via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
> >>
> >> Hello,
> >>
> >> 2 days ago my 2 DNS servers had 150mbit of data to process and the DNS went down.
> >> After the flood was stopped it came up again.
> >>
> >> I'm using pdns 4.8.3 on CentOS with MySQL backends.
> >>
> >> I'm just wondering what would be the best idea to spread the risk.
> >> It is handling about 5000 domains so not a very big system.
> >>
> >> Is it better to use an ns3, ns4 to spread the load on multiple servers, or some kind of load balancing or multi-IP setup on ns1 and ns2 on multiple servers?
> >>
> >> Any other ideas are welcome.
> >>
> >> With regards,
> >>
> >> Steffan
> >>
> >> _______________________________________________
> >> Pdns-users mailing list
> >> Pdns-users@mailman.powerdns.com
> >> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> >
> > --
> > Victor Hugo dos Santos
> > http://www.vhsantos.net
> > Linux Counter #224399
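The dnsdist setup Andreas describes (dynamic blocking of sources with an unusually high NXDOMAIN rate, a per-IP query limit, load balancing over two pdns backends, and Prometheus metrics), as an added example config that is not from this thread or the PowerDNS project; the backend addresses, the excluded ranges, the thresholds and the API key are assumed placeholder values.

```lua
-- dnsdist.conf: put dnsdist in front of an authoritative PowerDNS pair.
-- Backend addresses and all thresholds below are assumed example values.

-- Listen on the public addresses. An authoritative service answers
-- everyone, so the ACL is opened (dnsdist defaults to RFC1918 ranges only).
addLocal("0.0.0.0:53")
addLocal("[::]:53")
setACL({"0.0.0.0/0", "::/0"})

-- Two pdns_server backends (assumed addresses). Queries go to the backend
-- with the fewest outstanding requests; health checks pull a dead one out.
newServer({address = "192.0.2.10:53", name = "ns1-auth"})
newServer({address = "192.0.2.11:53", name = "ns2-auth"})
setServerPolicy(leastOutstanding)

-- Dynamic blocks keyed on the client IP, re-evaluated from maintenance().
local dbr = dynBlockRulesGroup()

-- A client that got more than 20 NXDOMAIN answers/s over the last 10 s is
-- blocked for 60 s: random-subdomain (PRSD) floods against one zone produce
-- exactly this pattern, while real resolvers rarely do.
dbr:setRCodeRate(DNSRCode.NXDOMAIN, 20, 10, "NXDOMAIN flood", 60, DNSAction.Truncate)

-- Any single client above 100 queries/s averaged over 10 s: 60 s block.
dbr:setQueryRate(100, 10, "query rate", 60, DNSAction.Truncate)

-- DNSAction.Truncate answers UDP with TC=1 instead of dropping, so a
-- genuine resolver whose address was spoofed by the attacker can still
-- retry over TCP, while the flood itself gets no useful answer.

-- Never block our own secondaries and monitoring hosts (assumed ranges).
dbr:excludeRange({"198.51.100.0/24", "2001:db8::/32"})

-- dnsdist calls maintenance() roughly once per second.
function maintenance()
  dbr:apply()
end

-- Metrics for Prometheus on the loopback interface only
-- (scrape http://127.0.0.1:8083/metrics); the API key is a placeholder.
webserver("127.0.0.1:8083")
setWebserverConfig({apiKey = "REPLACE-WITH-A-SECRET"})
```

Active blocks can be inspected from the dnsdist console with `showDynBlocks()`, and the NXDOMAIN threshold should be tuned against the rate your legitimate resolvers produce before it goes live.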