From: phonedph1 <20867105+phonedph1@users.noreply.github.com> Date: Thu, 29 Apr 2021 02:17:56 +0000 (-0600) Subject: Update hooks.rst X-Git-Tag: dnsdist-1.6.0-rc2~6^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10339%2Fhead;p=thirdparty%2Fpdns.git Update hooks.rst --- diff --git a/pdns/recursordist/docs/lua-scripting/hooks.rst b/pdns/recursordist/docs/lua-scripting/hooks.rst index 653ce61a19..471c355680 100644 --- a/pdns/recursordist/docs/lua-scripting/hooks.rst +++ b/pdns/recursordist/docs/lua-scripting/hooks.rst @@ -319,21 +319,19 @@ Dropping all traffic from botnet-infected users Frequently, DoS attacks are performed where specific IP addresses are attacked, often by queries coming in from open resolvers. These queries then lead to a lot of queries to 'authoritative servers' which actually often aren't nameservers at all, but just targets of attack. -The following script will add a requestor's IP address to a blocking set if they've sent a query that caused PowerDNS to attempt to talk to a certain subnet. - This specific script is, as of January 2015, useful to prevent traffic to ezdns.it related traffic from creating CPU load. This script requires PowerDNS Recursor 4.x or later. .. code-block:: Lua lethalgroup=newNMG() - lethalgroup:addMask("192.121.121.0/24") -- touch these nameservers and you die + lethalgroup:addMask("192.121.121.0/24") -- touch these nameservers and original query gets dropped function preoutquery(dq) print("pdns wants to ask "..dq.remoteaddr:toString().." about "..dq.qname:toString().." "..dq.qtype.." on behalf of requestor "..dq.localaddr:toString()) if(lethalgroup:match(dq.remoteaddr)) then - print("We matched the group "..lethalgroup:tostring().."!", "killing query dead & adding requestor "..dq.localaddr:toString().." to block list") + print("We matched the group "..lethalgroup:tostring().."! killing query dead from requestor "..dq.localaddr:toString()) dq.rcode = -3 -- "kill" return true end
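Review bot: The introductory sentence removed at the top of the hunk ("The following script will add a requestor's IP address to a blocking set ...") is dropped without a replacement, so the section now goes straight to "This specific script is, as of January 2015 ..." without saying what the script does. The removal itself matches the code, since nothing in `preoutquery` adds the requestor to any set, but a one-sentence replacement would help, for example stating that the script drops the original query when answering it would make the recursor contact a nameserver in the listed subnet. In the reworded `print` line, `lethalgroup:tostring()` is lowercase while every other call in the hunk is spelled `toString()`. Please confirm which spelling the netmask group object accepts, because in Lua a wrong method name would raise an error on exactly the path where the match fires, before `dq.rcode = -3` is reached.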