> addPoolRule({"192.168.12.0/24", "192.168.13.14"}, "abuse")
```
+To define a pool that should receive a QPS-limited amount of traffic, do:
+
+```
+> addQPSPoolRule("com.", 10000, "gtld-cluster")
+```
+
+
Both `addDomainBlock` and `addPoolRule` end up the list of Rules
and Actions (for which see below).
* `addPoolRule({domain, domain}, pool)`: send queries to these domains to that pool
* `addPoolRule(netmask, pool)`: send queries to this netmask to that pool
* `addPoolRule({netmask, netmask}, pool)`: send queries to these netmasks to that pool
+ * `addQPsPoolRule(x, limit, pool)`: like `addPoolRule`, but only select at most 'limit' queries/s for this pool
* `getPoolServers(pool)`: return servers part of this pool
* Server selection policy related:
* `setServerPolicy(policy)`: set server selection policy to that policy
});
});
+ g_lua.writeFunction("addQPSPoolRule", [](boost::variant<string,vector<pair<int, string>> > var, int limit, string pool) {
+ SuffixMatchNode smn;
+ NetmaskGroup nmg;
+
+ auto add=[&](string src) {
+ try {
+ smn.add(DNSName(src));
+ } catch(...) {
+ nmg.addMask(src);
+ }
+ };
+ if(auto src = boost::get<string>(&var))
+ add(*src);
+ else {
+ for(auto& a : boost::get<vector<pair<int, string>>>(var)) {
+ add(a.second);
+ }
+ }
+ if(nmg.empty())
+ g_rulactions.modify([smn, pool,limit](decltype(g_rulactions)::value_type& rulactions) {
+ rulactions.push_back({
+ std::make_shared<SuffixMatchNodeRule>(smn),
+ std::make_shared<QPSPoolAction>(limit, pool) });
+ });
+ else
+ g_rulactions.modify([nmg,pool,limit](decltype(g_rulactions)::value_type& rulactions) {
+ rulactions.push_back({std::make_shared<NetmaskGroupRule>(nmg),
+ std::make_shared<QPSPoolAction>(limit, pool)});
+ });
+
+ });
g_lua.writeFunction("setDNSSECPool", [](const std::string& pool) {
g_rulactions.modify([pool](decltype(g_rulactions)::value_type& rulactions) {
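Review bot: `limit` is taken as `int` in the `addQPSPoolRule` callback but is handed to `QPSPoolAction`, whose constructor takes `unsigned int`, so a negative value in the configuration wraps to a very large rate and the rule stops limiting anything without reporting an error. The `catch(...)` fallback hides a second silent failure: when a list mixes domains and netmasks, `nmg` is non-empty, only the `NetmaskGroupRule` branch runs, and the suffixes collected in `smn` are discarded. Since operators use this rule to cap traffic to a pool, both cases are better rejected when the configuration is loaded, as sketched below; the messages are illustrative, and the sketch assumes an exception thrown from the callback surfaces as a Lua error. Separately, the README entry in this commit spells the function `addQPsPoolRule`, which does not match the name registered here.

```cpp
g_lua.writeFunction("addQPSPoolRule", [](boost::variant<string,vector<pair<int, string>> > var, int limit, string pool) {
  if(limit < 0)
    throw std::runtime_error("addQPSPoolRule: limit must not be negative");
  // … unchanged: smn and nmg declarations …
  bool haveSuffix = false;

  auto add=[&](string src) {
    try {
      smn.add(DNSName(src));
      haveSuffix = true;
    // … unchanged: catch(...) falls back to nmg.addMask(src) …
  // … unchanged: dispatch on var (single string or list) …
  if(haveSuffix && !nmg.empty())
    throw std::runtime_error("addQPSPoolRule: domains and netmasks cannot be mixed in one rule");
  // … unchanged: push the SuffixMatchNodeRule or NetmaskGroupRule with its QPSPoolAction …
```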
addPoolRule({"ezdns.it.", "xxx."}, "abuse")
addPoolRule("192.168.1.0/24", "abuse")
+addQPSPoolRule("com.", 100, "abuse")
addDomainBlock("powerdns.org.")
addDomainBlock("spectre.")
string d_pool;
};
+
+class QPSPoolAction : public DNSAction
+{
+public:
+ QPSPoolAction(unsigned int limit, const std::string& pool) : d_qps(limit, limit), d_pool(pool) {}
+ DNSAction::Action operator()(const ComboAddress& remote, const DNSName& qname, uint16_t qtype, dnsheader* dh, int len, string* ruleresult) const override
+ {
+ if(d_qps.check()) {
+ *ruleresult=d_pool;
+ return Action::Pool;
+ }
+ else
+ return Action::None;
+ }
+ string toString() const override
+ {
+ return "max " +std::to_string(d_qps.getRate())+" to pool "+d_pool;
+ }
+
+private:
+ QPSLimiter d_qps;
+ string d_pool;
+};
+
class RCodeAction : public DNSAction
{
public:
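Review bot: `QPSPoolAction::operator()` is `const` yet calls `d_qps.check()`, which presumably updates the limiter's internal state on every query, and the action sits behind a shared pointer in the global rule list, so it may be invoked from several query-handling threads at once. `QPSLimiter` is not shown in this hunk; if `check()` is not internally synchronised, concurrent calls race on that state and the enforced rate can drift from the configured one, so either confirm that or guard the limiter. The class should also say that a query over the limit returns `Action::None` and continues through whatever rule processing follows rather than being dropped, for example `// Over-limit queries are not dropped: they fall through to the remaining rules.`. `*ruleresult=d_pool` dereferences the pointer without a check, which is safe only if every caller passes a valid `string*`.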