From 7e20dd9dfe43532da4f129133c3b9c1e0c8dbc59 Mon Sep 17 00:00:00 2001
From: phonedph1 <20867105+phonedph1@users.noreply.github.com>
Date: Wed, 28 Apr 2021 20:17:56 -0600
Subject: [PATCH] Update hooks.rst
---
pdns/recursordist/docs/lua-scripting/hooks.rst | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/pdns/recursordist/docs/lua-scripting/hooks.rst b/pdns/recursordist/docs/lua-scripting/hooks.rst
index 653ce61a19..471c355680 100644
--- a/pdns/recursordist/docs/lua-scripting/hooks.rst
+++ b/pdns/recursordist/docs/lua-scripting/hooks.rst
@@ -319,21 +319,19 @@ Dropping all traffic from botnet-infected users Frequently, DoS attacks are performed where specific IP addresses are attacked, often by queries coming in from open resolvers. These queries then lead to a lot of queries to 'authoritative servers' which actually often aren't nameservers at all, but just targets of attack. -The following script will add a requestor's IP address to a blocking set if they've sent a query that caused PowerDNS to attempt to talk to a certain subnet. - This specific script is, as of January 2015, useful to prevent traffic to ezdns.it related traffic from creating CPU load. This script requires PowerDNS Recursor 4.x or later. .. code-block:: Lua lethalgroup=newNMG() - lethalgroup:addMask("192.121.121.0/24") -- touch these nameservers and you die + lethalgroup:addMask("192.121.121.0/24") -- touch these nameservers and original query gets dropped function preoutquery(dq) print("pdns wants to ask "..dq.remoteaddr:toString().." about "..dq.qname:toString().." "..dq.qtype.." on behalf of requestor "..dq.localaddr:toString()) if(lethalgroup:match(dq.remoteaddr)) then - print("We matched the group "..lethalgroup:tostring().."!", "killing query dead & adding requestor "..dq.localaddr:toString().." to block list") + print("We matched the group "..lethalgroup:tostring().."! killing query dead from requestor "..dq.localaddr:toString()) dq.rcode = -3 -- "kill" return true end -- 2.47.2