From: bert hubert Date: Fri, 5 Jun 2015 17:04:29 +0000 (+0200) Subject: add documentation, make sure dnsdist builds separately with delaypipe X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~78^2~19^2^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ac2ddd9157d4d60fa891cfd5f2a6b60d2bd18d6;p=thirdparty%2Fpdns.git add documentation, make sure dnsdist builds separately with delaypipe --- diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index 611e74a997..54afb55073 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -198,6 +198,7 @@ Current actions are: * Return with TC=1 (truncated, ie, instruction to retry with TCP) * Force a ServFail, NotImp or Refused answer * Send out a crafted response (NXDOMAIN or "real" data) + * Delay a response by n milliseconds More power ---------- @@ -320,6 +321,26 @@ To delete a limit (or a rule in general): 1 0 nl., be. qps limit to 1 ``` +Delaying answers +---------------- +Sometimes, runaway scripts will hammer your servers with back-to-back +queries. While it is possible to drop such packets, this may paradoxically +lead to more traffic. + +An attractive middleground is to delay answers to such back-to-back queries, +causing a slowdown on the side of the source of the traffic. + +To do so, use: +``` +> addDelay("yourdomain.in.ua.", 500) +> addDelay({"65.55.37.0/24"}, 500) +``` +This will delay responses for questions to the mentioned domain, or coming +from the configured subnet, by half a second. + +Like the QPSLimits and other rules, the delaying instructions can be +inspected or edited using showRule(), rmRule(), topRule(), mvRule() etc. + Dynamic load balancing ---------------------- The default load balancing policy is called 'leastOutstanding', which means 
@@ -528,6 +549,11 @@ Here are all functions: * `addQPSLimit({domain, domain}, n)`: limit queries within those domains (together) to n per second * `addQPSLimit(netmask, n)`: limit queries within that netmask to n per second * `addQPSLimit({netmask, netmask}, n)`: limit queries within those netmasks (together) to n per second + * Delaying related: + * `addDelay(domain, n)`: delay answers within that domain by n milliseconds + * `addDelay({domain, domain}, n)`: delay answers within those domains (together) by n milliseconds + * `addDelay(netmask, n)`: delay answers within that netmask by n milliseconds + * `addDelay({netmask, netmask}, n)`: delay answers within those netmasks (together) by n milliseconds * Answer changing functions: * `truncateTC(bool)`: if set (default) truncate TC=1 answers so they are actually empty. Fixes an issue for PowerDNS Authoritative Server 2.9.22. * Advanced functions for writing your own policies and hooks diff --git a/pdns/dnsdistdist/populate b/pdns/dnsdistdist/populate index 12f9a1eb07..10bf8d14c7 100755 --- a/pdns/dnsdistdist/populate +++ b/pdns/dnsdistdist/populate @@ -9,7 +9,7 @@ ln -fs ../base32.hh ../base64.hh ../dnsdist.cc ../dnsdist.hh ../dnsdist-lua.cc \ ../iputils.cc ../iputils.hh ../misc.cc ../misc.hh ../namespaces.hh \ ../pdnsexception.hh ../qtype.cc ../qtype.hh ../sholder.hh ../sodcrypto.cc \ ../sodcrypto.hh ../dnsdist-web.cc ../sstuff.hh ../dnsdist-tcp.cc \ - ../dnsdist-carbon.cc . + ../dnsdist-carbon.cc ../delaypipe.cc ../delaypipe.hh . mkdir -p m4 ln -fs ../../../m4/pdns_check_libsodium.m4 m4/
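Review bot: the new "Delaying answers" section in pdns/README-dnsdist.md (hunk at -320,6 +321,26) states that dropping packets "may paradoxically lead to more traffic" without giving the reason, and it never says what a delayed answer costs dnsdist while it is held or whether n has an upper bound. Suggest one sentence explaining why drops can increase traffic, and one on the resource cost and the accepted range of n, so an operator can judge how many sources it is safe to delay. It would also help to say how an addDelay rule interacts with an addQPSLimit rule that matches the same domain or netmask, since the section points readers at the same showRule()/rmRule()/topRule()/mvRule() rule list. Minor: "middleground" should be "middle ground", and the netmask example uses the table form `addDelay({"65.55.37.0/24"}, 500)` while the domain example uses a plain string, so a word noting that both forms are accepted would avoid confusion.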
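Review bot: in the function list hunk of pdns/README-dnsdist.md (-528,6 +549,11), the "(together)" wording in `addDelay({domain, domain}, n)` and `addDelay({netmask, netmask}, n)` looks carried over from the addQPSLimit entries just above, where it describes a shared budget. For a delay it is unclear what "together" means: each matching answer is presumably delayed by n milliseconds regardless of how many domains or netmasks are in the table. Suggest dropping "(together)" or replacing it with "any of those domains" / "any of those netmasks". Also, "delay answers within that netmask" would read more clearly as "delay answers to queries coming from that netmask", which matches the wording the "Delaying answers" section uses ("coming from the configured subnet").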
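Review bot: the pdns/dnsdistdist/populate hunk only adds `../delaypipe.cc ../delaypipe.hh` to the symlink list, while the subject line promises that dnsdist "builds separately with delaypipe", and no build file under dnsdistdist is touched in the visible diff. Please confirm that the standalone build's source list already names delaypipe.cc, or include that change in this commit; otherwise the files will be linked into the directory but not compiled. Since this script is the only place the file set is enumerated in this diff, a short comment there noting that new dnsdist sources must be added both here and in the build's source list would prevent the same omission next time.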