[dnsdist] dnsdist Drops, revisited

Hi list, I’m curious on the “high" amount of Drops I see on one dnsdist 1.4.0 (debian derived packages) frontend compared to other(s) And I’m guessing the main reason is workload, which is different (services/servers use this resolver that Drops more). I don’t find the “high” Drops numbers sati

Re: [dnsdist] dnsdist Drops, revisited

ll rules. > https://kb.isc.org/docs/aa-01183 Yes, It’s already turned off via rules. But I also turned off the FWs completely in my tests too, with no noticeable difference in Drops, (but I didn’t measure if there was any difference in latency though) > Regards, > > Michael > &

Re: [dnsdist] dnsdist Drops, revisited

Hi Remi, Thanks for your clarifications (see inline below) > On 6 Mar 2020, at 14:26, Remi Gacogne via dnsdist > wrote: > > Signed PGP part > Hi, > > On 3/6/20 8:09 AM, Fredrik Pettai via dnsdist wrote: >>> On 6 Mar 2020, at 05:42, Michael Van Der Beek >&g

Re: [dnsdist] [EXT] Re: First alpha release of dnsdist 1.5.0

Hi Remi, > On 23 Mar 2020, at 09:41, Remi Gacogne via dnsdist > wrote: > > Signed PGP part > Hi Frederikn > > On 3/21/20 2:16 PM, Frederik Pettai wrote: >>> On 20 Mar 2020, at 14:32, Remi Gacogne via dnsdist >>> wrote: >>> >>> […] The most exciting new feature is the implementation of the >>

[dnsdist] reset stats counters after reading them?

Hi, Is there a way to make dnsdist reset all (dump)stats counters after reading them? (nothing shows up here https://dnsdist.org/statistics.html) To exemplify this in another resolver-project, unbound(-control) has the options “stats" and “stats_noreset” ) Re, /P __

[dnsdist] manipulate dynBlockRulesGroup() at runtime?

Hi, Is there a way to manipulate dynBlockRulesGroup():excludeRange at runtime, for instance add networks to the excludeRange ? And how to I look/print what current object holds with :toString() ? > dynBlockRulesGroup():toString() Query rate rule: Response rate rule: SuffixMatch rule: RCode rule

Re: [dnsdist] manipulate dynBlockRulesGroup() at runtime?

> On 16 Apr 2020, at 11:25, Remi Gacogne via dnsdist > wrote: > > Signed PGP part > Hi Fredrik, > > On 4/15/20 6:05 PM, Fredrik Pettai via dnsdist wrote: >> Is there a way to manipulate dynBlockRulesGroup():excludeRange at runtime, >> for instance add networks

Re: [dnsdist] manipulate dynBlockRulesGroup() at runtime?

> On 16 Apr 2020, at 16:19, Fredrik Pettai via dnsdist > wrote: > > Signed PGP part > >> On 16 Apr 2020, at 11:25, Remi Gacogne via dnsdist >> wrote: >> >> Signed PGP part >> Hi Fredrik, >> >> On 4/15/20 6:05 PM, Fredrik P

Re: [dnsdist] GEOIP with dnsdist?

If that’s your only true goal, maybe you should look at this instead: https://github.com/abh/geodns Re, /P > On 10 May 2023, at 10:41, Marco Mangione via dnsdist > wrote: > > Good morning everyone, > My name is Luke, I'm new to the list and I'm new to dnsdist. > > I arrived at this solution

[dnsdist] dnsdist[]: While reading a TCP question: accepting new connection on socket: Too many open files

Hi, One dnsdist instance recently got overloaded, and the message (subject + below) appeared a lot in the logs: “dnsdist[]: While reading a TCP question: accepting new connection on socket: Too many open files" Is this only related to too much DNS-traffic over TCP, or could lots of DNS

Re: [dnsdist] dnsdist[]: While reading a TCP question: accepting new connection on socket: Too many open files

Hi Jacob, Thanks for your input and see my answers below (inline) > On 26 Jul 2023, at 13:50, Jacob Bunk Nielsen via dnsdist > wrote: > > Fredrik Pettai via dnsdist writes: > >> One dnsdist instance recently got overloaded, and the message (subject + >> below)

[dnsdist] Dnsdist 1.8.x with eBPF rules on arm64, not working.

Hi, I’m trying to test eBPF filtering on a vanilla Ubuntu 22.04 jammy arm64 with the debian-based package of dnsdist 1.8 (https://packages.debian.org/trixie/dnsdist), but there is some kind issue then running on arm64. I’ve configured the system exactly the same as on an amd64 system that work

[dnsdist] setDynBlocksWarningAction(action) or something equal?

Hi, Sometimes I try to see how “open” resolvers handles abusive clients... It seems that one way of handling them, is to answering with the TC flag after a bunch of queries that ends up as NXDOMAIN or SERVFAIL replies. Now, https://dnsdist.org/guides/dynblocks.html is the simples way of configu

[dnsdist] Enabling cache for certain sources?

Hi, > On 17 Apr 2024, at 08:52, Jacob Bunk Nielsen via dnsdist > wrote: > > Andreas Wili via dnsdist writes: > >> Now, there are two servers on the network for which all DNS queries must >> not be cached. > > Ahh, then you just do: > > no_cache_ips = newNMG() > > -- IPs of servers that sho

Re: [dnsdist] Enabling cache for certain sources?

> On 20 Apr 2024, at 19:59, Jacob Bunk Nielsen via dnsdist > wrote: > > Fredrik Pettai via dnsdist writes: > >>> addAction(NetmaskGroupRule(no_cache_ips, true), SetSkipCacheAction()) >> >> Slightly OT, I wonder if it would be possible to reverse the sugg

Re: [dnsdist] Enabling cache for certain sources?

ll but this cidr > > dbr_relaxed:excludeRange("0/0") -- first remove them all > dbr_relaxed:includeRange("192.0.2.0/24") -- all but this cidr > > >> >> Frank Louwers >> PowerDNS Certified Consultant @ Kiwazo.be >> >> >